Add stable/2402 branch and remove stable/2306 branch to docker executor image scripts
[ci-management.git] / docker / scripts / lib_apt.sh
index 0c37115..6cf37ae 100644 (file)
@@ -1,7 +1,7 @@
 # lib_apt.sh - Docker build script apt library.
 #              For import only.
 
-# Copyright (c) 2020 Cisco and/or its affiliates.
+# Copyright (c) 2023 Cisco and/or its affiliates.
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at:
@@ -21,7 +21,8 @@ fi
 alias lib_apt_imported=true
 
 export CIMAN_DOCKER_SCRIPTS=${CIMAN_DOCKER_SCRIPTS:-"$(dirname $BASH_SOURCE)"}
-. $CIMAN_DOCKER_SCRIPTS/lib_common.sh
+. "$CIMAN_DOCKER_SCRIPTS/lib_common.sh"
+. "$CIMAN_DOCKER_SCRIPTS/lib_csit.sh"
 
 dump_apt_package_list() {
     branchname="$(echo $branch | sed -e 's,/,_,')"
@@ -34,62 +35,12 @@ apt_install_packages() {
             --allow-change-held-packages $@
 }
 
-apt_install_docker_os_package_dependancies() {
-    # Assumes 'apt-get update -q' has aready been run.
-    apt_install_packages \
-        apt-transport-https \
-        ca-certificates \
-        curl \
-        gnupg-agent \
-        software-properties-common
-}
-
-# Used for older OS distro's which are incompatible
-# with modern distro cmake vesrion
-apt_override_cmake_install_with_pip3_version() {
-    local os_cmake="/usr/bin/cmake"
-    local os_cmake_ver="$($os_cmake --version | head -1)"
-    local pip3_cmake="/usr/local/bin/cmake"
-
-    python3 -m pip install --disable-pip-version-check cmake || true
-    local pip3_cmake_ver="$($pip3_cmake --version | head -1)"
-    echo_log "Overriding $OS_NAME '$os_cmake_ver' with '$pip3_cmake_ver'!"
-    sudo apt-get remove -y cmake --autoremove || true
-    update-alternatives --quiet --remove-all cmake || true
-    update-alternatives --quiet --install $os_cmake cmake $pip3_cmake 100
-    echo_log "Default cmake ($(which cmake)) version: '$(cmake --version | head -1)'!"
-}
-
-apt_install_docker() {
-    local apt_docker_gpg_key_file=$1
-    apt-key add $apt_docker_gpg_key_file
-    add-apt-repository "deb [arch=$DEB_ARCH] \
-    https://download.docker.com/linux/$OS_ID \
-    $(lsb_release -cs) stable"
-    apt-get update -q
-    apt_install_packages -y -qq docker-ce docker-ce-cli containerd.io
-    rm -rf $DOCKER_GPG_KEY_DIR
-}
+generate_apt_dockerfile_common() {
+    local executor_class="$1"
+    local executor_image="$2"
+    local dpkg_arch="$(dpkg --print-architecture)"
 
-generate_apt_dockerfile() {
-    local executor_os_name=$1
-    local from_image=$2
-    local executor_image=$3
-    local vpp_install_skip_sysctl_envvar="";
-
-    if grep -q debian-9  <<<$executor_os_name ; then
-        # Workaround to VPP package installation failure on debian-9
-        vpp_install_skip_sysctl_envvar="ENV VPP_INSTALL_SKIP_SYSCTL=1"
-    fi
-    cat <<EOF  >$DOCKERIGNOREFILE
-**/__pycache__
-*.pyc
-EOF
-    cat <<EOF >$DOCKERFILE
-FROM $from_image AS executor-image
-LABEL Description="FD.io CI executor docker image for $executor_os_name/$OS_ARCH"
-LABEL Vendor="fd.io"
-LABEL Version="$DOCKER_TAG"
+    cat <<EOF >>"$DOCKERFILE"
 
 # Create download dir to cache external tarballs
 WORKDIR $DOCKER_DOWNLOADS_DIR
@@ -100,245 +51,302 @@ WORKDIR $DOCKER_BUILD_DIR
 COPY . .
 
 # Build Environment Variables
-ENV DEBIAN_FRONTEND=noninteractive
-ENV FDIOTOOLS_IMAGE=$executor_image
-ENV LC_ALL=C.UTF-8
+ENV DEBIAN_FRONTEND="noninteractive"
+ENV FDIOTOOLS_IMAGE="$executor_image"
+ENV FDIOTOOLS_EXECUTOR_CLASS="$executor_class"
 ENV CIMAN_ROOT="$DOCKER_CIMAN_ROOT"
-ENV PATH=$PATH:$DOCKER_CIMAN_ROOT/docker/scripts
+ENV PATH="\$PATH:$DOCKER_CIMAN_ROOT/docker/scripts"
+
+# Configure locales
+RUN apt-get update -qq \\
+  && apt-get install -y \\
+        apt-utils \\
+        locales \\
+  && sed -i 's/# \(en_US\.UTF-8 .*\)/\1/' /etc/locale.gen \\
+  && locale-gen en_US.UTF-8 \\
+  && dpkg-reconfigure --frontend=noninteractive locales \\
+  && update-locale LANG=en_US.UTF-8 \\
+  && TZ=Etc/UTC && ln -snf /usr/share/zoneinfo/\$TZ /etc/localtime && echo \$TZ > /etc/timezone \\
+  && rm -r /var/lib/apt/lists/*
+ENV LANG="en_US.UTF-8" LANGUAGE="en_US" LC_ALL="en_US.UTF-8"
 
 # Install baseline packages (minimum build & utils).
 #
 # ci-management global-jjb requirements:
-#       facter
-#       python3-pip
-#       python3-venv
-#   for lftools:
-#       xmlstarlet
-#   from global-jjb/packer/provision/baseline.sh:
-#       unzip
-#       xz-utils
-#       puppet
-#       git
-#       git-review
-#       libxml2-dev
-#       libxml-xpath-perl
-#       libxslt-dev
-#       make
-#       wget
-#       jq
+#        facter
+#        python3-pip
+#        python3-venv
+#    for lftools:
+#        xmlstarlet
+#        libxml2-dev
+#        libxslt-dev
+#   from packer/provision/baseline.sh:
+#        unzip
+#        xz-utils
+#        git
+#        git-review
+#        libxml2-dev
+#        libxml-xpath-perl
+#        libxslt-dev
+#        make
+#        wget
+#        jq
 #
 # Python build from source requirements:
-#       build-essential
+#        build-essential
 #
-# TODO: Fix broken project requirement install targets
+# TODO:  Fix broken project requirement install targets
+#        graphviz         for doxygen (HICN)
+#        doxygen          for doxygen (HICN)
+#        libffi-dev       for python cffi install (Ubuntu20.04/VPP/aarch64)
+#        liblapack-dev    for python numpy/scipy (CSIT/aarch64)
+#        libopenblas-dev  for python numpy/scipy (CSIT/aarch64)
+#        libpcap-dev      for python pypcap install (CSIT)
+#        sshpass          for CSIT jobs
 #
-#   graphviz         for 'make bootstrap-doxygen' (VPP)
-#   doxygen          for 'make doxygen' (VPP)
-#   enchant          for 'make docs' (VPP)
-#   libffi-dev       for python cffi install (Ubuntu20.04/VPP/aarch64)
-#   liblapack-dev    for python numpy/scipy (CSIT/aarch64)
-#   libopenblas-dev  for python numpy/scipy (CSIT/aarch64)
-#   libpcap-dev      for python pypcap install (CSIT)
+RUN apt-get update -qq \\
+  && apt-get install -y \\
+             apt-transport-https \\
+             curl \\
+             ca-certificates \\
+             default-jdk \\
+             default-jre \\
+             dnsutils \\
+             doxygen \\
+             emacs \\
+             facter \\
+             gawk \\
+             gdb \\
+             gfortran \\
+             git \\
+             git-review \\
+             gnupg-agent \\
+             graphviz \\
+             iproute2 \\
+             iputils-clockdiff \\
+             iputils-ping \\
+             iputils-tracepath \\
+             jq \\
+             libffi-dev \\
+             liblapack-dev \\
+             libopenblas-dev \\
+             libpcap-dev \\
+             libxml-xpath-perl \\
+             make \\
+             python3-pip \\
+             python3-venv \\
+             rsync \\
+             ruby-dev \\
+             software-properties-common \\
+             sshpass \\
+             sysstat \\
+             sudo \\
+             traceroute \\
+             tree \\
+             vim \\
+             wget \\
+             xmlstarlet \\
+             xz-utils \\
+  && curl -L https://packagecloud.io/fdio/master/gpgkey | apt-key add - \\
+  && curl -s https://packagecloud.io/install/repositories/fdio/master/script.deb.sh | bash \\
+  && rm -r /var/lib/apt/lists/*
+
+# Install terraform for CSIT
 #
-RUN apt-get update -q \\
-    && apt-get install -y -qq \\
-        apt-utils \\
-        default-jdk \\
-        default-jre \\
-        doxygen \\
-        enchant \\
-        emacs \\
-        facter \\
-        gawk \\
-        gfortran \\
-        git \\
-        git-review \\
-        graphviz \\
-        iproute2 \\
-        iputils-clockdiff \\
-        iputils-ping \\
-        iputils-tracepath \\
-        jq \\
-        libffi-dev \\
-        liblapack-dev \\
-        libopenblas-dev \\
-        libpcap-dev \\
-        libxml2-dev \\
-        libxml-xpath-perl \\
-        libxslt-dev \\
-        make \\
-        python3-pip \\
-        python3-venv \\
-        rsync \\
-        ruby-dev \\
-        sudo \\
-        traceroute \\
-        tree \\
-        vim \\
-        wget \\
-        xmlstarlet \\
-        xz-utils \\
-    && rm -r /var/lib/apt/lists/*
+RUN wget https://releases.hashicorp.com/terraform/1.7.3/terraform_1.7.3_linux_$dpkg_arch.zip \\
+  && unzip terraform_1.7.3_linux_$dpkg_arch.zip \\
+  && mv terraform /usr/bin \\
+  && rm -f terraform_1.7.3_linux_$dpkg_arch.zip
 
 # Install packages for all project branches
 #
-RUN apt-get update -q \\
-    && dbld_install_docker.sh \\
-    && dbld_vpp_install_packages.sh \\
-    && dbld_csit_install_packages.sh \\
-    && dbld_lfit_requirements.sh \\
-    && rm -r /var/lib/apt/lists/*
+RUN apt-get update -qq \\
+  && dbld_vpp_install_packages.sh \\
+  && dbld_csit_install_packages.sh \\
+  && rm -r /var/lib/apt/lists/*
+EOF
+}
+
+generate_apt_dockerfile_clean() {
+    cat <<EOF >>"$DOCKERFILE"
+
+# Clean up copy-in build tree
+RUN dbld_dump_build_logs.sh \\
+  && rm -rf "/tmp/*" "$DOCKER_BUILD_FILES_DIR" "/root/.ccache"
+EOF
+}
+
+# Generate 'builder' class apt dockerfile
+builder_generate_apt_dockerfile() {
+    local executor_class="$1"
+    local executor_os_name="$2"
+    local executor_image="$3"
+    local vpp_install_skip_sysctl_envvar="";
+
+    generate_apt_dockerfile_common $executor_class $executor_image
+    csit_builder_generate_docker_build_files
+    cat <<EOF >>"$DOCKERFILE"
+
+# Install LF-IT requirements
+ENV LF_VENV="/root/lf-venv"
+RUN apt-get update -qq \\
+  && dbld_lfit_requirements.sh \\
+  && rm -r /var/lib/apt/lists/*
+
+# Install packagecloud requirements
+RUN gem install rake package_cloud \\
+  && curl -s https://packagecloud.io/install/repositories/fdio/master/script.deb.sh | bash
+
+# Install CSIT ssh requirements
+# TODO: Verify why badkey is required & figure out how to avoid it.
+COPY files/badkey /root/.ssh/id_rsa
+COPY files/sshconfig /root/.ssh/config
 
 # CI Runtime Environment
 WORKDIR /
 $vpp_install_skip_sysctl_envvar
-ENV VPP_ZOMBIE_NOCHECK=1
-ENV DOCKER_TEST=1
-# TODO: Mount ccache volume into docker container, then remove this.
-ENV CCACHE_DISABLE=1
-RUN gem install rake package_cloud \\
-    && curl -s https://packagecloud.io/install/repositories/fdio/master/script.deb.sh | sudo bash
+ENV VPP_ZOMBIE_NOCHECK="1"
+ENV CCACHE_DIR="/scratch/ccache"
+ENV CCACHE_MAXSIZE="10G"
+EOF
+    generate_apt_dockerfile_clean
+}
 
-# Clean up copy-in build tree
-RUN dbld_dump_build_logs.sh \\
-    && rm -rf /tmp/*
+# Generate 'csit_dut' class apt dockerfile
+csit_dut_generate_apt_dockerfile() {
+    local executor_class="$1"
+    local executor_os_name="$2"
+    local executor_image="$3"
+
+    csit_dut_generate_docker_build_files
+    generate_apt_dockerfile_common "$executor_class" "$executor_image"
+    cat <<EOF >>"$DOCKERFILE"
+
+# Install csit_dut specific packages
+RUN apt-get update -qq \\
+  && apt-get install -y \\
+             net-tools \\
+             openssh-server \\
+             pciutils \\
+             rsyslog \\
+             supervisor \\
+  && rm -r /var/lib/apt/lists/*
+
+# Fix permissions
+RUN chown root:syslog /var/log \\
+  && chmod 755 /etc/default
+
+# Create directory structure
+RUN mkdir -p /var/run/sshd
+
+# SSH settings
+RUN echo 'root:Csit1234' | chpasswd \\
+  && sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config \\
+  && sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
+
+EXPOSE 2222
+
+COPY files/supervisord.conf /etc/supervisor/supervisord.conf
+
+CMD ["sh", "-c", "rm -f /dev/shm/db /dev/shm/global_vm /dev/shm/vpe-api; /usr/bin/supervisord -c /etc/supervisor/supervisord.conf; /usr/sbin/sshd -D -p 2222"]
 EOF
+    generate_apt_dockerfile_clean
 }
 
-write_apt_ubuntu_docker_gpg_keyfile() {
-    # To update docker gpg key
-    # curl -fsSL https://download.docker.com/linux/ubuntu/gpg
-    cat <<EOF >$DOCKER_APT_UBUNTU_DOCKER_GPGFILE
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQINBFit2ioBEADhWpZ8/wvZ6hUTiXOwQHXMAlaFHcPH9hAtr4F1y2+OYdbtMuth
-lqqwp028AqyY+PRfVMtSYMbjuQuu5byyKR01BbqYhuS3jtqQmljZ/bJvXqnmiVXh
-38UuLa+z077PxyxQhu5BbqntTPQMfiyqEiU+BKbq2WmANUKQf+1AmZY/IruOXbnq
-L4C1+gJ8vfmXQt99npCaxEjaNRVYfOS8QcixNzHUYnb6emjlANyEVlZzeqo7XKl7
-UrwV5inawTSzWNvtjEjj4nJL8NsLwscpLPQUhTQ+7BbQXAwAmeHCUTQIvvWXqw0N
-cmhh4HgeQscQHYgOJjjDVfoY5MucvglbIgCqfzAHW9jxmRL4qbMZj+b1XoePEtht
-ku4bIQN1X5P07fNWzlgaRL5Z4POXDDZTlIQ/El58j9kp4bnWRCJW0lya+f8ocodo
-vZZ+Doi+fy4D5ZGrL4XEcIQP/Lv5uFyf+kQtl/94VFYVJOleAv8W92KdgDkhTcTD
-G7c0tIkVEKNUq48b3aQ64NOZQW7fVjfoKwEZdOqPE72Pa45jrZzvUFxSpdiNk2tZ
-XYukHjlxxEgBdC/J3cMMNRE1F4NCA3ApfV1Y7/hTeOnmDuDYwr9/obA8t016Yljj
-q5rdkywPf4JF8mXUW5eCN1vAFHxeg9ZWemhBtQmGxXnw9M+z6hWwc6ahmwARAQAB
-tCtEb2NrZXIgUmVsZWFzZSAoQ0UgZGViKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3
-BBMBCgAhBQJYrefAAhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEI2BgDwO
-v82IsskP/iQZo68flDQmNvn8X5XTd6RRaUH33kXYXquT6NkHJciS7E2gTJmqvMqd
-tI4mNYHCSEYxI5qrcYV5YqX9P6+Ko+vozo4nseUQLPH/ATQ4qL0Zok+1jkag3Lgk
-jonyUf9bwtWxFp05HC3GMHPhhcUSexCxQLQvnFWXD2sWLKivHp2fT8QbRGeZ+d3m
-6fqcd5Fu7pxsqm0EUDK5NL+nPIgYhN+auTrhgzhK1CShfGccM/wfRlei9Utz6p9P
-XRKIlWnXtT4qNGZNTN0tR+NLG/6Bqd8OYBaFAUcue/w1VW6JQ2VGYZHnZu9S8LMc
-FYBa5Ig9PxwGQOgq6RDKDbV+PqTQT5EFMeR1mrjckk4DQJjbxeMZbiNMG5kGECA8
-g383P3elhn03WGbEEa4MNc3Z4+7c236QI3xWJfNPdUbXRaAwhy/6rTSFbzwKB0Jm
-ebwzQfwjQY6f55MiI/RqDCyuPj3r3jyVRkK86pQKBAJwFHyqj9KaKXMZjfVnowLh
-9svIGfNbGHpucATqREvUHuQbNnqkCx8VVhtYkhDb9fEP2xBu5VvHbR+3nfVhMut5
-G34Ct5RS7Jt6LIfFdtcn8CaSas/l1HbiGeRgc70X/9aYx/V/CEJv0lIe8gP6uDoW
-FPIZ7d6vH+Vro6xuWEGiuMaiznap2KhZmpkgfupyFmplh0s6knymuQINBFit2ioB
-EADneL9S9m4vhU3blaRjVUUyJ7b/qTjcSylvCH5XUE6R2k+ckEZjfAMZPLpO+/tF
-M2JIJMD4SifKuS3xck9KtZGCufGmcwiLQRzeHF7vJUKrLD5RTkNi23ydvWZgPjtx
-Q+DTT1Zcn7BrQFY6FgnRoUVIxwtdw1bMY/89rsFgS5wwuMESd3Q2RYgb7EOFOpnu
-w6da7WakWf4IhnF5nsNYGDVaIHzpiqCl+uTbf1epCjrOlIzkZ3Z3Yk5CM/TiFzPk
-z2lLz89cpD8U+NtCsfagWWfjd2U3jDapgH+7nQnCEWpROtzaKHG6lA3pXdix5zG8
-eRc6/0IbUSWvfjKxLLPfNeCS2pCL3IeEI5nothEEYdQH6szpLog79xB9dVnJyKJb
-VfxXnseoYqVrRz2VVbUI5Blwm6B40E3eGVfUQWiux54DspyVMMk41Mx7QJ3iynIa
-1N4ZAqVMAEruyXTRTxc9XW0tYhDMA/1GYvz0EmFpm8LzTHA6sFVtPm/ZlNCX6P1X
-zJwrv7DSQKD6GGlBQUX+OeEJ8tTkkf8QTJSPUdh8P8YxDFS5EOGAvhhpMBYD42kQ
-pqXjEC+XcycTvGI7impgv9PDY1RCC1zkBjKPa120rNhv/hkVk/YhuGoajoHyy4h7
-ZQopdcMtpN2dgmhEegny9JCSwxfQmQ0zK0g7m6SHiKMwjwARAQABiQQ+BBgBCAAJ
-BQJYrdoqAhsCAikJEI2BgDwOv82IwV0gBBkBCAAGBQJYrdoqAAoJEH6gqcPyc/zY
-1WAP/2wJ+R0gE6qsce3rjaIz58PJmc8goKrir5hnElWhPgbq7cYIsW5qiFyLhkdp
-YcMmhD9mRiPpQn6Ya2w3e3B8zfIVKipbMBnke/ytZ9M7qHmDCcjoiSmwEXN3wKYI
-mD9VHONsl/CG1rU9Isw1jtB5g1YxuBA7M/m36XN6x2u+NtNMDB9P56yc4gfsZVES
-KA9v+yY2/l45L8d/WUkUi0YXomn6hyBGI7JrBLq0CX37GEYP6O9rrKipfz73XfO7
-JIGzOKZlljb/D9RX/g7nRbCn+3EtH7xnk+TK/50euEKw8SMUg147sJTcpQmv6UzZ
-cM4JgL0HbHVCojV4C/plELwMddALOFeYQzTif6sMRPf+3DSj8frbInjChC3yOLy0
-6br92KFom17EIj2CAcoeq7UPhi2oouYBwPxh5ytdehJkoo+sN7RIWua6P2WSmon5
-U888cSylXC0+ADFdgLX9K2zrDVYUG1vo8CX0vzxFBaHwN6Px26fhIT1/hYUHQR1z
-VfNDcyQmXqkOnZvvoMfz/Q0s9BhFJ/zU6AgQbIZE/hm1spsfgvtsD1frZfygXJ9f
-irP+MSAI80xHSf91qSRZOj4Pl3ZJNbq4yYxv0b1pkMqeGdjdCYhLU+LZ4wbQmpCk
-SVe2prlLureigXtmZfkqevRz7FrIZiu9ky8wnCAPwC7/zmS18rgP/17bOtL4/iIz
-QhxAAoAMWVrGyJivSkjhSGx1uCojsWfsTAm11P7jsruIL61ZzMUVE2aM3Pmj5G+W
-9AcZ58Em+1WsVnAXdUR//bMmhyr8wL/G1YO1V3JEJTRdxsSxdYa4deGBBY/Adpsw
-24jxhOJR+lsJpqIUeb999+R8euDhRHG9eFO7DRu6weatUJ6suupoDTRWtr/4yGqe
-dKxV3qQhNLSnaAzqW/1nA3iUB4k7kCaKZxhdhDbClf9P37qaRW467BLCVO/coL3y
-Vm50dwdrNtKpMBh3ZpbB1uJvgi9mXtyBOMJ3v8RZeDzFiG8HdCtg9RvIt/AIFoHR
-H3S+U79NT6i0KPzLImDfs8T7RlpyuMc4Ufs8ggyg9v3Ae6cN3eQyxcK3w0cbBwsh
-/nQNfsA6uu+9H7NhbehBMhYnpNZyrHzCmzyXkauwRAqoCbGCNykTRwsur9gS41TQ
-M8ssD1jFheOJf3hODnkKU+HKjvMROl1DK7zdmLdNzA1cvtZH/nCC9KPj1z8QC47S
-xx+dTZSx4ONAhwbS/LN3PoKtn8LPjY9NP9uDWI+TWYquS2U+KHDrBDlsgozDbs/O
-jCxcpDzNmXpWQHEtHU7649OXHP7UeNST1mCUCH5qdank0V1iejF6/CfTFU4MfcrG
-YT90qFF93M3v01BbxP+EIY2/9tiIPbrd
-=0YYh
------END PGP PUBLIC KEY BLOCK-----
+# Generate 'csit_shim' class apt dockerfile
+csit_shim_generate_apt_dockerfile() {
+    local executor_class="$1"
+    local executor_os_name="$2"
+    local executor_image="$3"
+
+    csit_shim_generate_docker_build_files
+    cat <<EOF >>"$DOCKERFILE"
+
+# Copy-in temporary build tree containing
+# ci-management, vpp, & csit git repos
+WORKDIR $DOCKER_BUILD_DIR
+COPY . .
+
+# Build Environment Variables
+ENV DEBIAN_FRONTEND="noninteractive"
+ENV FDIOTOOLS_IMAGE="$executor_image"
+ENV FDIOTOOLS_EXECUTOR_CLASS="$executor_class"
+ENV CIMAN_ROOT="$DOCKER_CIMAN_ROOT"
+ENV PATH="\$PATH:$DOCKER_CIMAN_ROOT/docker/scripts"
+
+# Configure locales & timezone
+RUN apt-get update -qq \\
+  && apt-get install -y \\
+             apt-utils \\
+             locales \\
+  && sed -i 's/# \(en_US\.UTF-8 .*\)/\1/' /etc/locale.gen \\
+  && locale-gen en_US.UTF-8 \\
+  && dpkg-reconfigure --frontend=noninteractive locales \\
+  && update-locale LANG=en_US.UTF-8 \\
+  && TZ=Etc/UTC && ln -snf /usr/share/zoneinfo/\$TZ /etc/localtime && echo \$TZ > /etc/timezone \\
+  && rm -r /var/lib/apt/lists/*
+ENV LANG=en_US.UTF-8 LANGUAGE=en_US LC_ALL=en_US.UTF-8
+
+COPY files/wrapdocker /usr/local/bin/wrapdocker
+RUN chmod +x /usr/local/bin/wrapdocker
+
+# Install packages and Docker
+RUN apt-get update -qq \\
+  && apt-get install -y  \\
+             bash \\
+             curl \\
+             iproute2 \\
+             locales \\
+             ssh \\
+             sudo \\
+             tzdata \\
+             uuid-runtime \\
+  && curl -fsSL https://get.docker.com | sh \\
+  && rm -rf /var/lib/apt/lists/*
+
+RUN mkdir /var/run/sshd
+RUN echo 'root:Csit1234' | chpasswd
+RUN sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
+
+# SSH login fix. Otherwise user is kicked off after login
+RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
+
+# Need volume for sidecar docker launches
+VOLUME /var/lib/docker
+
+# SSH to listen on port 6022 in shim
+RUN echo 'Port 6022' >>/etc/ssh/sshd_config
+RUN echo 'Port 6023' >>/etc/ssh/sshd_config
+
+# TODO: Verify why badkeypub is required & figure out how to avoid it.
+COPY files/badkeypub /root/.ssh/authorized_keys
+COPY files/sshconfig /root/.ssh/config
+
+# Clean up copy-in build tree
+RUN rm -rf /tmp/* $DOCKER_BUILD_FILES_DIR
+
+# Start sshd by default
+EXPOSE 22
+CMD ["/usr/sbin/sshd", "-D"]
 EOF
 }
 
-write_apt_debian_docker_gpg_keyfile() {
-    # To update docker gpg key
-    # curl -fsSL https://download.docker.com/linux/debian/gpg
-    cat <<EOF >$DOCKER_APT_DEBIAN_DOCKER_GPGFILE
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQINBFit2ioBEADhWpZ8/wvZ6hUTiXOwQHXMAlaFHcPH9hAtr4F1y2+OYdbtMuth
-lqqwp028AqyY+PRfVMtSYMbjuQuu5byyKR01BbqYhuS3jtqQmljZ/bJvXqnmiVXh
-38UuLa+z077PxyxQhu5BbqntTPQMfiyqEiU+BKbq2WmANUKQf+1AmZY/IruOXbnq
-L4C1+gJ8vfmXQt99npCaxEjaNRVYfOS8QcixNzHUYnb6emjlANyEVlZzeqo7XKl7
-UrwV5inawTSzWNvtjEjj4nJL8NsLwscpLPQUhTQ+7BbQXAwAmeHCUTQIvvWXqw0N
-cmhh4HgeQscQHYgOJjjDVfoY5MucvglbIgCqfzAHW9jxmRL4qbMZj+b1XoePEtht
-ku4bIQN1X5P07fNWzlgaRL5Z4POXDDZTlIQ/El58j9kp4bnWRCJW0lya+f8ocodo
-vZZ+Doi+fy4D5ZGrL4XEcIQP/Lv5uFyf+kQtl/94VFYVJOleAv8W92KdgDkhTcTD
-G7c0tIkVEKNUq48b3aQ64NOZQW7fVjfoKwEZdOqPE72Pa45jrZzvUFxSpdiNk2tZ
-XYukHjlxxEgBdC/J3cMMNRE1F4NCA3ApfV1Y7/hTeOnmDuDYwr9/obA8t016Yljj
-q5rdkywPf4JF8mXUW5eCN1vAFHxeg9ZWemhBtQmGxXnw9M+z6hWwc6ahmwARAQAB
-tCtEb2NrZXIgUmVsZWFzZSAoQ0UgZGViKSA8ZG9ja2VyQGRvY2tlci5jb20+iQI3
-BBMBCgAhBQJYrefAAhsvBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEI2BgDwO
-v82IsskP/iQZo68flDQmNvn8X5XTd6RRaUH33kXYXquT6NkHJciS7E2gTJmqvMqd
-tI4mNYHCSEYxI5qrcYV5YqX9P6+Ko+vozo4nseUQLPH/ATQ4qL0Zok+1jkag3Lgk
-jonyUf9bwtWxFp05HC3GMHPhhcUSexCxQLQvnFWXD2sWLKivHp2fT8QbRGeZ+d3m
-6fqcd5Fu7pxsqm0EUDK5NL+nPIgYhN+auTrhgzhK1CShfGccM/wfRlei9Utz6p9P
-XRKIlWnXtT4qNGZNTN0tR+NLG/6Bqd8OYBaFAUcue/w1VW6JQ2VGYZHnZu9S8LMc
-FYBa5Ig9PxwGQOgq6RDKDbV+PqTQT5EFMeR1mrjckk4DQJjbxeMZbiNMG5kGECA8
-g383P3elhn03WGbEEa4MNc3Z4+7c236QI3xWJfNPdUbXRaAwhy/6rTSFbzwKB0Jm
-ebwzQfwjQY6f55MiI/RqDCyuPj3r3jyVRkK86pQKBAJwFHyqj9KaKXMZjfVnowLh
-9svIGfNbGHpucATqREvUHuQbNnqkCx8VVhtYkhDb9fEP2xBu5VvHbR+3nfVhMut5
-G34Ct5RS7Jt6LIfFdtcn8CaSas/l1HbiGeRgc70X/9aYx/V/CEJv0lIe8gP6uDoW
-FPIZ7d6vH+Vro6xuWEGiuMaiznap2KhZmpkgfupyFmplh0s6knymuQINBFit2ioB
-EADneL9S9m4vhU3blaRjVUUyJ7b/qTjcSylvCH5XUE6R2k+ckEZjfAMZPLpO+/tF
-M2JIJMD4SifKuS3xck9KtZGCufGmcwiLQRzeHF7vJUKrLD5RTkNi23ydvWZgPjtx
-Q+DTT1Zcn7BrQFY6FgnRoUVIxwtdw1bMY/89rsFgS5wwuMESd3Q2RYgb7EOFOpnu
-w6da7WakWf4IhnF5nsNYGDVaIHzpiqCl+uTbf1epCjrOlIzkZ3Z3Yk5CM/TiFzPk
-z2lLz89cpD8U+NtCsfagWWfjd2U3jDapgH+7nQnCEWpROtzaKHG6lA3pXdix5zG8
-eRc6/0IbUSWvfjKxLLPfNeCS2pCL3IeEI5nothEEYdQH6szpLog79xB9dVnJyKJb
-VfxXnseoYqVrRz2VVbUI5Blwm6B40E3eGVfUQWiux54DspyVMMk41Mx7QJ3iynIa
-1N4ZAqVMAEruyXTRTxc9XW0tYhDMA/1GYvz0EmFpm8LzTHA6sFVtPm/ZlNCX6P1X
-zJwrv7DSQKD6GGlBQUX+OeEJ8tTkkf8QTJSPUdh8P8YxDFS5EOGAvhhpMBYD42kQ
-pqXjEC+XcycTvGI7impgv9PDY1RCC1zkBjKPa120rNhv/hkVk/YhuGoajoHyy4h7
-ZQopdcMtpN2dgmhEegny9JCSwxfQmQ0zK0g7m6SHiKMwjwARAQABiQQ+BBgBCAAJ
-BQJYrdoqAhsCAikJEI2BgDwOv82IwV0gBBkBCAAGBQJYrdoqAAoJEH6gqcPyc/zY
-1WAP/2wJ+R0gE6qsce3rjaIz58PJmc8goKrir5hnElWhPgbq7cYIsW5qiFyLhkdp
-YcMmhD9mRiPpQn6Ya2w3e3B8zfIVKipbMBnke/ytZ9M7qHmDCcjoiSmwEXN3wKYI
-mD9VHONsl/CG1rU9Isw1jtB5g1YxuBA7M/m36XN6x2u+NtNMDB9P56yc4gfsZVES
-KA9v+yY2/l45L8d/WUkUi0YXomn6hyBGI7JrBLq0CX37GEYP6O9rrKipfz73XfO7
-JIGzOKZlljb/D9RX/g7nRbCn+3EtH7xnk+TK/50euEKw8SMUg147sJTcpQmv6UzZ
-cM4JgL0HbHVCojV4C/plELwMddALOFeYQzTif6sMRPf+3DSj8frbInjChC3yOLy0
-6br92KFom17EIj2CAcoeq7UPhi2oouYBwPxh5ytdehJkoo+sN7RIWua6P2WSmon5
-U888cSylXC0+ADFdgLX9K2zrDVYUG1vo8CX0vzxFBaHwN6Px26fhIT1/hYUHQR1z
-VfNDcyQmXqkOnZvvoMfz/Q0s9BhFJ/zU6AgQbIZE/hm1spsfgvtsD1frZfygXJ9f
-irP+MSAI80xHSf91qSRZOj4Pl3ZJNbq4yYxv0b1pkMqeGdjdCYhLU+LZ4wbQmpCk
-SVe2prlLureigXtmZfkqevRz7FrIZiu9ky8wnCAPwC7/zmS18rgP/17bOtL4/iIz
-QhxAAoAMWVrGyJivSkjhSGx1uCojsWfsTAm11P7jsruIL61ZzMUVE2aM3Pmj5G+W
-9AcZ58Em+1WsVnAXdUR//bMmhyr8wL/G1YO1V3JEJTRdxsSxdYa4deGBBY/Adpsw
-24jxhOJR+lsJpqIUeb999+R8euDhRHG9eFO7DRu6weatUJ6suupoDTRWtr/4yGqe
-dKxV3qQhNLSnaAzqW/1nA3iUB4k7kCaKZxhdhDbClf9P37qaRW467BLCVO/coL3y
-Vm50dwdrNtKpMBh3ZpbB1uJvgi9mXtyBOMJ3v8RZeDzFiG8HdCtg9RvIt/AIFoHR
-H3S+U79NT6i0KPzLImDfs8T7RlpyuMc4Ufs8ggyg9v3Ae6cN3eQyxcK3w0cbBwsh
-/nQNfsA6uu+9H7NhbehBMhYnpNZyrHzCmzyXkauwRAqoCbGCNykTRwsur9gS41TQ
-M8ssD1jFheOJf3hODnkKU+HKjvMROl1DK7zdmLdNzA1cvtZH/nCC9KPj1z8QC47S
-xx+dTZSx4ONAhwbS/LN3PoKtn8LPjY9NP9uDWI+TWYquS2U+KHDrBDlsgozDbs/O
-jCxcpDzNmXpWQHEtHU7649OXHP7UeNST1mCUCH5qdank0V1iejF6/CfTFU4MfcrG
-YT90qFF93M3v01BbxP+EIY2/9tiIPbrd
-=0YYh
------END PGP PUBLIC KEY BLOCK-----
+generate_apt_dockerfile() {
+    local executor_class="$1"
+    local executor_os_name="$2"
+    local from_image="$3"
+    local executor_image="$4"
+
+    cat <<EOF  >"$DOCKERIGNOREFILE"
+**/__pycache__
+*.pyc
+EOF
+    cat <<EOF  >"$DOCKERFILE"
+FROM $from_image AS ${executor_class}-executor-image
+LABEL Description="FD.io CI '$executor_class' executor docker image for $executor_os_name/$OS_ARCH"
+LABEL Vendor="fd.io"
+LABEL Version="$DOCKER_TAG"
 EOF
+    ${executor_class}_generate_apt_dockerfile "$executor_class" \
+        "$executor_os_name" "$executor_image"
 }