[dockers] Prevent apt-get from installing suggested and recommended p…

…ackages by default (#1666)

* [docker-base] Instruct apt-get to NOT install 'recommended' or 'suggested' packages

* Modify docker-fpm-quagga, docker-snmp-sv2 and docker-sonic-vs Dockerfile templates in order to properly install .deb dependencies

* REDIS_SERVER depends on REDIS_TOOLS; ensure REDIS_TOOLS is always installed before REDIS_SERVER

dockers/docker-base/Dockerfile.j2

@@ -18,8 +18,9 @@ RUN rm -rf               \
 ENV DEBIAN_FRONTEND=noninteractive
 
 # Configure data sources for apt/dpkg
-COPY ["sources.list", "/etc/apt/sources.list"]
 COPY ["dpkg_01_drop", "/etc/dpkg/dpkg.cfg.d/01_drop"]
+COPY ["sources.list", "/etc/apt/sources.list"]
+COPY ["no_install_recommend_suggest", "/etc/apt/apt.conf.d"]
 RUN apt-get update
 
 # Pre-install fundamental packages

dockers/docker-base/no_install_recommend_suggest

@@ -0,0 +1,5 @@
+# Instruct apt-get to NOT install "recommended" or "suggested" packages by
+# default when installing a package.
+
+APT::Install-Recommends "false";
+APT::Install-Suggests "false";

dockers/docker-database/Dockerfile.j2

@@ -1,34 +1,34 @@
 FROM docker-config-engine
 
-## Make apt-get non-interactive
+# Make apt-get non-interactive
 ENV DEBIAN_FRONTEND=noninteractive
 
+# Update apt's cache of available packages
 RUN apt-get update
 
-COPY \
-{% for deb in docker_database_debs.split(' ') -%}
-debs/{{ deb }}{{' '}}
-{%- endfor -%}
-debs/
-
-## Install redis-tools dependencies
-## TODO: implicitly install dependencies
-RUN apt-get -y install libjemalloc1
-
-RUN dpkg -i \
-{% for deb in docker_database_debs.split(' ') -%}
-debs/{{ deb }}{{' '}}
+{% if docker_database_debs.strip() -%}
+# Copy locally-built Debian package dependencies
+{%- for deb in docker_database_debs.split(' ') %}
+COPY debs/{{ deb }} /debs/
 {%- endfor %}
 
-## Clean up
-RUN apt-get clean -y; apt-get autoclean -y; apt-get autoremove -y
-RUN rm -rf /debs
-
-RUN sed -ri 's/^(save .*$)/# \1/g;                                                    \
-             s/^daemonize yes$/daemonize no/;                                           \
-             s/^logfile .*$/logfile ""/;                                                \
-             s/^# syslog-enabled no$/syslog-enabled no/;                                \
-             s/^# unixsocket/unixsocket/;                                               \
+# Install locally-built Debian packages and implicitly install their dependencies
+{%- for deb in docker_database_debs.split(' ') %}
+RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; dpkg_apt /debs/{{ deb }}
+{%- endfor %}
+{%- endif %}
+
+# Clean up
+RUN apt-get clean -y
+RUN apt-get autoclean -y
+RUN apt-get autoremove -y
+RUN rm -rf /debs ~/.cache
+
+RUN sed -ri 's/^(save .*$)/# \1/g;                       \
+             s/^daemonize yes$/daemonize no/;            \
+             s/^logfile .*$/logfile ""/;                 \
+             s/^# syslog-enabled no$/syslog-enabled no/; \
+             s/^# unixsocket/unixsocket/;                \
              s/^client-output-buffer-limit pubsub [0-9]+mb [0-9]+mb [0-9]+/client-output-buffer-limit pubsub 0 0 0/ \
             ' /etc/redis/redis.conf
 

dockers/docker-fpm-quagga/Dockerfile.j2

@@ -1,26 +1,31 @@
 FROM docker-config-engine
 
-## Make apt-get non-interactive
+# Make apt-get non-interactive
 ENV DEBIAN_FRONTEND=noninteractive
 
+# Update apt's cache of available packages
 RUN apt-get update
 
-RUN apt-get install -y libdbus-1-3 libdaemon0 libjansson4 
+# Install required packages
+RUN apt-get install -y libdbus-1-3 libdaemon0 libjansson4
 
-COPY \
-{% for deb in docker_fpm_quagga_debs.split(' ') -%}
-debs/{{ deb }}{{' '}}
-{%- endfor -%}
-debs/
+{% if docker_fpm_quagga_debs.strip() -%}
+# Copy locally-built Debian package dependencies
+{%- for deb in docker_fpm_quagga_debs.split(' ') %}
+COPY debs/{{ deb }} /debs/
+{%- endfor %}
 
-RUN dpkg -i \
-{% for deb in docker_fpm_quagga_debs.split(' ') -%}
-debs/{{ deb }}{{' '}}
+# Install locally-built Debian packages and implicitly install their dependencies
+{%- for deb in docker_fpm_quagga_debs.split(' ') %}
+RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; dpkg_apt /debs/{{ deb }}
 {%- endfor %}
+{%- endif %}
 
-## Clean up
-RUN apt-get clean -y; apt-get autoclean -y; apt-get autoremove -y
-RUN rm -rf /debs
+# Clean up
+RUN apt-get clean -y
+RUN apt-get autoclean -y
+RUN apt-get autoremove -y
+RUN rm -rf /debs ~/.cache
 
 COPY ["bgpcfgd", "start.sh", "/usr/bin/"]
 COPY ["supervisord.conf", "/etc/supervisor/conf.d/"]

dockers/docker-snmp-sv2/Dockerfile.j2

@@ -1,52 +1,64 @@
 FROM docker-config-engine
 
-COPY [ \
-{% for deb in docker_snmp_sv2_debs.split(' ') -%}
-    "debs/{{ deb }}",
-{%- endfor %} \
-    "/debs/"]
-
-# Install Python SwSSSDK (SNMP subagent dependency)
-COPY python-wheels/sonic_platform_common-*-py3-*.whl /python-wheels/
-COPY python-wheels/swsssdk-*-py3-*.whl /python-wheels/
-COPY python-wheels/asyncsnmp-*-py3-*.whl /python-wheels/
-
-# enable -O for all Python calls
+# Enable -O for all Python calls
 ENV PYTHONOPTIMIZE 1
 
-## Make apt-get non-interactive
+# Make apt-get non-interactive
 ENV DEBIAN_FRONTEND=noninteractive
 
-# install libsnmp30 dependencies
-# install libpython3.6-dev dependencies
-# install pip dependencies
-# TODO: remove libpython3.6-dev, its and pip's dependencies if we can get pip3 directly
-# install subagent
-# clean up
-RUN apt-get update && apt-get install -y libperl5.20 libpci3 libwrap0 \
-            libexpat1-dev \
-            curl gcc && \
-    dpkg -i \
-{% for deb in docker_snmp_sv2_debs.split(' ') -%}
-        debs/{{ deb }}{{' '}}
-{%- endfor %} && \
-    rm -rf /debs && \
-    curl https://bootstrap.pypa.io/get-pip.py | python3.6 && \
-    python3.6 -m pip install --no-cache-dir /python-wheels/*py3*.whl hiredis && \
-    rm -rf /python-wheels && \
-    python3.6 -m sonic_ax_impl install && \
-    apt-get -y purge libpython3.6-dev libexpat1-dev curl gcc && \
-    apt-get clean -y && apt-get autoclean -y && apt-get autoremove -y --purge && \
-    find / | grep -E "__pycache__" | xargs rm -rf && \
-    rm -rf ~/.cache
+# Update apt's cache of available packages
+RUN apt-get update
+
+# Install curl so we can download and install pip later
+# Also install major root CA certificates for curl to reference
+RUN apt-get install -y curl ca-certificates
+
+# Install gcc which is required for installing hiredis
+RUN apt-get install -y gcc
+
+{% if docker_snmp_sv2_debs.strip() -%}
+# Copy locally-built Debian package dependencies
+{%- for deb in docker_snmp_sv2_debs.split(' ') %}
+COPY debs/{{ deb }} /debs/
+{%- endfor %}
+
+# Install locally-built Debian packages and implicitly install their dependencies
+{%- for deb in docker_snmp_sv2_debs.split(' ') %}
+RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; dpkg_apt /debs/{{ deb }}
+{%- endfor %}
+{%- endif %}
+
+# Install up-to-date version of pip
+RUN curl https://bootstrap.pypa.io/get-pip.py | python3.6
+RUN python3.6 -m pip install --no-cache-dir hiredis
+
+{% if docker_snmp_sv2_whls.strip() -%}
+# Copy locally-built Python wheel dependencies
+{%- for whl in docker_snmp_sv2_whls.split(' ') %}
+COPY python-wheels/{{ whl }} /python-wheels/
+{%- endfor %}
+
+# Install locally-built Python wheel dependencies
+{%- for whl in docker_snmp_sv2_whls.split(' ') %}
+RUN pip install /python-wheels/{{ whl }}
+{%- endfor %}
+{% endif %}
+
+RUN python3.6 -m sonic_ax_impl install
+
+# Clean up
+RUN apt-get -y purge libpython3.6-dev curl gcc
+RUN apt-get clean -y && apt-get autoclean -y && apt-get autoremove -y --purge
+RUN find / | grep -E "__pycache__" | xargs rm -rf
+RUN rm -rf /debs /python-wheels ~/.cache
 
 COPY ["start.sh", "/usr/bin/"]
 COPY ["supervisord.conf", "/etc/supervisor/conf.d/"]
 COPY ["*.j2", "/usr/share/sonic/templates/"]
 COPY ["snmpd-config-updater", "/usr/bin/snmpd-config-updater"]
 RUN chmod +x /usr/bin/snmpd-config-updater
 
-## Although exposing ports is not needed for host net mode, keep it for possible bridge mode
+# Although exposing ports is not needed for host net mode, keep it for possible bridge mode
 EXPOSE 161/udp 162/udp
 
 ENTRYPOINT ["/usr/bin/supervisord"]

platform/p4/docker-sonic-p4.mk

@@ -5,8 +5,8 @@ $(DOCKER_SONIC_P4)_PATH = $(PLATFORM_PATH)/docker-sonic-p4
 $(DOCKER_SONIC_P4)_DEPENDS += $(SWSS) \
                               $(SYNCD) \
                               $(P4_SWITCH) \
-                              $(REDIS_SERVER) \
                               $(REDIS_TOOLS) \
+                              $(REDIS_SERVER) \
                               $(PYTHON_SWSSCOMMON) \
                               $(LIBTEAMDCT) \
                               $(LIBTEAM_UTILS) \

platform/vs/docker-sonic-vs.mk

@@ -4,8 +4,8 @@ DOCKER_SONIC_VS = docker-sonic-vs.gz
 $(DOCKER_SONIC_VS)_PATH = $(PLATFORM_PATH)/docker-sonic-vs
 $(DOCKER_SONIC_VS)_DEPENDS += $(SWSS) \
                               $(SYNCD_VS) \
-                              $(REDIS_SERVER) \
                               $(REDIS_TOOLS) \
+                              $(REDIS_SERVER) \
                               $(PYTHON_SWSSCOMMON) \
                               $(LIBTEAMDCT) \
                               $(LIBTEAM_UTILS) \

platform/vs/docker-sonic-vs/Dockerfile.j2

@@ -43,20 +43,23 @@ RUN apt-get install -y net-tools \
 RUN pip install setuptools
 RUN pip install py2_ipaddress
 
-COPY \
-{% for deb in docker_sonic_vs_debs.split(' ') -%}
-debs/{{ deb }}{{' '}}
-{%- endfor -%}
-debs/
+{% if docker_sonic_vs_debs.strip() -%}
+# Copy locally-built Debian package dependencies
+{%- for deb in docker_sonic_vs_debs.split(' ') %}
+COPY debs/{{ deb }} /debs/
+{%- endfor %}
 
-RUN dpkg -i \
-{% for deb in docker_sonic_vs_debs.split(' ') -%}
-debs/{{ deb }}{{' '}}
+# Install locally-built Debian packages and implicitly install their dependencies
+{%- for deb in docker_sonic_vs_debs.split(' ') %}
+RUN dpkg_apt() { [ -f $1 ] && { dpkg -i $1 || apt-get -y install -f; } || return 1; }; dpkg_apt /debs/{{ deb }}
 {%- endfor %}
+{%- endif %}
 
-## Clean up
-RUN apt-get clean -y; apt-get autoclean -y; apt-get autoremove -y
-RUN rm -rf /debs
+# Clean up
+RUN apt-get clean -y
+RUN apt-get autoclean -y
+RUN apt-get autoremove -y
+RUN rm -rf /debs ~/.cache
 
 RUN sed -ri 's/^(save .*$)/# \1/g;                                                      \
              s/^daemonize yes$/daemonize no/;                                           \

rules/docker-database.mk

@@ -2,7 +2,7 @@
 
 DOCKER_DATABASE = docker-database.gz
 $(DOCKER_DATABASE)_PATH = $(DOCKERS_PATH)/docker-database
-$(DOCKER_DATABASE)_DEPENDS += $(REDIS_SERVER) $(REDIS_TOOLS)
+$(DOCKER_DATABASE)_DEPENDS += $(REDIS_TOOLS) $(REDIS_SERVER)
 $(DOCKER_DATABASE)_LOAD_DOCKERS += $(DOCKER_CONFIG_ENGINE)
 SONIC_DOCKER_IMAGES += $(DOCKER_DATABASE)
 SONIC_INSTALL_DOCKER_IMAGES += $(DOCKER_DATABASE)

rules/docker-snmp-sv2.mk

@@ -4,7 +4,7 @@ DOCKER_SNMP_SV2 = docker-snmp-sv2.gz
 $(DOCKER_SNMP_SV2)_PATH = $(DOCKERS_PATH)/docker-snmp-sv2
 ## TODO: remove LIBPY3_DEV if we can get pip3 directly
 $(DOCKER_SNMP_SV2)_DEPENDS += $(SNMP) $(SNMPD) $(PY3) $(LIBPY3_DEV)
-$(DOCKER_SNMP_SV2)_PYTHON_WHEELS += $(ASYNCSNMP_PY3)
+$(DOCKER_SNMP_SV2)_PYTHON_WHEELS += $(SONIC_PLATFORM_COMMON_PY3) $(SWSSSDK_PY3) $(ASYNCSNMP_PY3)
 $(DOCKER_SNMP_SV2)_LOAD_DOCKERS += $(DOCKER_CONFIG_ENGINE)
 SONIC_DOCKER_IMAGES += $(DOCKER_SNMP_SV2)
 SONIC_INSTALL_DOCKER_IMAGES += $(DOCKER_SNMP_SV2)