Tried to create a custom st2pack image, but have run into a number of issues.
Firstly, using the Alpine 3.8 based image, I created an image; however, when trying to mount a volume inside the st2 container, sensors wouldn't start:
```
root@stackstorm-i-01400f9ceacafe90e:/# /opt/stackstorm/virtualenvs/kubernetes/bin/python
bash: /opt/stackstorm/virtualenvs/kubernetes/bin/python: No such file or directory
root@stackstorm-i-01400f9ceacafe90e:/# ldd /opt/stackstorm/virtualenvs/kubernetes/bin/python
    linux-vdso.so.1 => (0x00007ffd00d6a000)
    libpython2.7.so.1.0 => /usr/lib/x86_64-linux-gnu/libpython2.7.so.1.0 (0x00007fe9c7949000)
    libc.musl-x86_64.so.1 => not found
```
Working on the assumption there's a mismatch between Alpine libc (which uses musl-libc) and Ubuntu trusty, which uses glibc, I copied the python binary into one of the virtualenvs. This worked, but it was missing a bunch of Python libraries (oslo.config, then st2common; I didn't keep installing them to see how many).
At this point I created an Ubuntu trusty based st2pack image, and this starts up; however, sensors are failing:
```
2018-10-01 13:14:22,180 INFO [-] Sensor kubernetes.watchExtensionsV1beta1DeploymentListForAllNamespaces started
2018-10-01 13:14:22,180 DEBUG [-] 1 active sensor(s)
/opt/stackstorm/st2/lib/python2.7/site-packages/cryptography/hazmat/primitives/constant_time.py:26: CryptographyDeprecationWarning: Support for your Python version is deprecated. The next version of cryptography will remove support. Please upgrade to a 2.7.x release that supports hmac.compare_digest as soon as possible.
  utils.DeprecatedIn23,
2018-10-01 13:14:23,067 INFO [-] Found config for sensor "watchExtensionsV1beta1DeploymentListForAllNamespaces"
2018-10-01 13:14:23,068 DEBUG [-] Connecting to Kubernetes endpoint https://master.andy2.eu-west-1.dev/apis/extensions/v1beta1/watch/deployments via api_client.
2018-10-01 13:14:23,068 INFO [-] Watcher started
2018-10-01 13:14:23,068 INFO [-] Running sensor initialization code
2018-10-01 13:14:23,069 DEBUG [-] Connecting to Kubernetes endpoint https://master.andy2.eu-west-1.dev/apis/extensions/v1beta1/watch/deployments via api_client.
2018-10-01 13:14:23,069 INFO [-] Running sensor in passive mode
2018-10-01 13:14:23,069 INFO [-] Watch /apis/extensions/v1beta1/watch/deployments for new data.
2018-10-01 13:14:23,076 WARNING [-] Sensor "watchExtensionsV1beta1DeploymentListForAllNamespaces" run method raised an exception: [('system library', 'fopen', 'No such file or directory'), ('BIO routines', 'file_ctrl', 'system lib'), ('SSL routines', 'SSL_CTX_use_certificate_file', 'system lib')].
Traceback (most recent call last):
  File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/st2reactor/container/sensor_wrapper.py", line 223, in run
    self._sensor_instance.run()
  File "/opt/stackstorm/packs/kubernetes/sensors/sensor_base.py", line 83, in run
    certfile=self.config['client_cert_path'])
  File "/opt/stackstorm/virtualenvs/kubernetes/local/lib/python2.7/site-packages/backports/ssl/core.py", line 689, in wrap_socket
    ctx.load_cert_chain(certfile, keyfile)
  File "/opt/stackstorm/virtualenvs/kubernetes/local/lib/python2.7/site-packages/backports/ssl/core.py", line 659, in load_cert_chain
    self._ctx.use_certificate_file(certfile)
  File "/opt/stackstorm/st2/lib/python2.7/site-packages/OpenSSL/SSL.py", line 935, in use_certificate_file
    _raise_current_error()
  File "/opt/stackstorm/st2/lib/python2.7/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
    raise exception_type(errors)
Error: [('system library', 'fopen', 'No such file or directory'), ('BIO routines', 'file_ctrl', 'system lib'), ('SSL routines', 'SSL_CTX_use_certificate_file', 'system lib')]
2018-10-01 13:14:23,078 ERROR [-] Traceback (most recent call last):
2018-10-01 13:14:23,079 ERROR [-] File "/opt/stackstorm/st2/local/lib/python2.7/site-packages/st2reactor/container/sensor_wrapper.py", line 355, in <module>
```
```
FROM ubuntu:trusty AS builder

RUN apt-get update \
    && apt-get install -y software-properties-common \
    && add-apt-repository ppa:strukturag/libressl \
    && apt-get update \
    && apt-get install -y python python-pip \
    && pip install --upgrade pip setuptools \
    && pip install GitPython lockfile virtualenv \
    && apt-get install -y \
        gcc \
        git \
        libffi-dev \
        libressl-dev \
        linux-headers-generic \
        make \
        musl-dev \
        python-dev \
        sudo

RUN python -m pip install -U "pip<10"

# Add st2common (orquesta must be installed separately otherwise there is an error when installing st2common)
RUN pip install -e git+https://github.com/StackStorm/orquesta.git@master#egg=orquesta
RUN pip install -e git+https://github.com/StackStorm/st2#egg=st2common\&subdirectory=st2common
RUN ln -s /usr/local/bin/virtualenv /usr/bin/virtualenv

# Before running st2-pack-install, ensure a basic st2.conf file exists and ARG PACKS is available
RUN mkdir -p /etc/st2
COPY files/st2.conf /etc/st2/st2.conf
ADD packs /packs

# Install custom packs
{% for pack in packlist %}
RUN /usr/local/bin/st2-pack-install {{ pack }}
{%- endfor %}
{% for pack in corelist %}
ADD packdefaults/{{ pack }} /opt/stackstorm/packs/{{ pack }}
{% endfor -%}

###########################
# Minimize the image size. Start with alpine:3.8,
# and add only packs and virtualenvs from builder.
FROM stackstorm/st2packs:runtime

ADD files/st2.d /st2-docker/st2.d
ADD files/entrypoint.d /st2-docker/entrypoint.d
RUN find /st2-docker
RUN ls -l /opt/stackstorm/packs
CMD tail -f /dev/null
```
In summary, I think there are probably 2-3 issues here in terms of getting a container loaded just with packs to work alongside the main stackstorm image. I have also had to add the default packs (core, st2, chatops, packs and default) separately because of pack and virtualenv directory overlaps.
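
One way to check the musl/glibc assumption behind the first failure (bash reporting "No such file or directory" for a file that exists, and `ldd` listing `libc.musl-x86_64.so.1` as not found) is to read the loader path the binary requests from its ELF `PT_INTERP` header and see whether that loader exists in the target image. This is an added example, not part of the original post or the StackStorm project; the function names and the sample ELF image are constructed here, and only ELF64 little-endian files are handled.

```python
import os
import struct

PT_INTERP = 3  # program-header type that names the dynamic loader

def elf_interpreter(data):
    """Return the PT_INTERP path of an ELF64 little-endian image (None if static)."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4:6] != b"\x02\x01":
        raise ValueError("only ELF64 little-endian is handled in this example")
    (phoff,) = struct.unpack_from("<Q", data, 32)            # e_phoff
    phentsize, phnum = struct.unpack_from("<HH", data, 54)   # e_phentsize, e_phnum
    for i in range(phnum):
        base = phoff + i * phentsize
        (p_type,) = struct.unpack_from("<I", data, base)
        (p_offset,) = struct.unpack_from("<Q", data, base + 8)
        (p_filesz,) = struct.unpack_from("<Q", data, base + 32)
        if p_type == PT_INTERP:
            return data[p_offset:p_offset + p_filesz].rstrip(b"\0").decode()
    return None

def classify(interp):
    """Map a loader path to the libc family that ships it."""
    name = os.path.basename(interp or "")
    if name.startswith("ld-musl-"):
        return "musl"
    if name.startswith("ld-linux"):
        return "glibc"
    return "unknown" if interp else "static"

def check_binary(path, root="/"):
    """Report which loader a binary requests and whether it exists under root."""
    with open(path, "rb") as fh:
        interp = elf_interpreter(fh.read())
    present = bool(interp) and os.path.exists(os.path.join(root, interp.lstrip("/")))
    return {"interp": interp, "libc": classify(interp), "loader_present": present}

def make_sample_elf(interp):
    """Constructed sample: a minimal ELF64 header plus one PT_INTERP entry."""
    path = interp.encode() + b"\0"
    ehdr = b"\x7fELF\x02\x01\x01" + b"\0" * 9 + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_INTERP, 4, 120, 0, 0, len(path), len(path), 1)
    return ehdr + phdr + path

if __name__ == "__main__":
    # Constructed input standing in for a python binary built on a musl-based image.
    print(classify(elf_interpreter(make_sample_elf("/lib/ld-musl-x86_64.so.1"))))
```

Running `check_binary` on each virtualenv's `bin/python` with `root` set to the runtime image's filesystem shows a `musl` interpreter with `loader_present` false when the builder and runtime stages use different libc families.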