Docker Image Cleanup

[warrenvw]

Moved from github.com/stackstorm/st2enterprise-dockerfiles#8

We'll need to investigate the ways to cleanup the resulting Docker images.

Not sure about the docker layer squashing, but for example, after working closer, it's not the StackStorm takes a lot of space, but its package dependencies are huge.

Here is the full list of dependencies if we try to install st2enterprise under clean ubuntu:xenial (31MB):

root@0a1cd8b86d1f:/# apt-get install bwc-enterprise
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  bwc-ui dh-python file git git-man ifupdown iproute2 isc-dhcp-client isc-dhcp-common less libatm1 libbsd0 libc-dev-bin libc6-dev libdns-export162 libedit2 liberror-perl libexpat1
  libexpat1-dev libffi-dev libgdbm3 libisc-export160 libmagic1 libmnl0 libmpdec2 libperl5.22 libpopt0 libpython-dev libpython2.7 libpython2.7-dev libpython2.7-minimal
  libpython2.7-stdlib libpython3-stdlib libpython3.5-minimal libpython3.5-stdlib libssl-dev libssl-doc libwrap0 libx11-6 libx11-data libxau6 libxcb1 libxdmcp6 libxext6 libxmuu1
  libxtables11 libyaml-0-2 linux-libc-dev manpages manpages-dev mime-support ncurses-term netbase openssh-client openssh-server openssh-sftp-server patch perl perl-modules-5.22
  python2.7 python2.7-minimal python3 python3-chardet python3-minimal python3-pkg-resources python3-requests python3-six python3-urllib3 python3.5 python3.5-minimal rename rsync
  ssh-import-id st2 st2-auth-ldap st2flow sudo tcpd wget xauth zlib1g-dev
Suggested packages:
  libdpkg-perl gettext-base git-daemon-run | git-daemon-sysvinit git-doc git-el git-email git-gui gitk gitweb git-arch git-cvs git-mediawiki git-svn ppp rdnssd iproute2-doc resolvconf
  avahi-autoipd isc-dhcp-client-ddns apparmor glibc-doc man-browser ssh-askpass libpam-ssh keychain monkeysphere rssh molly-guard ufw ed diffutils-doc perl-doc libterm-readline-gnu-perl
  | libterm-readline-perl-perl make python2.7-doc binutils binfmt-support python3-doc python3-tk python3-venv python3-setuptools python3-ndg-httpsclient python3-openssl python3-pyasn1
  python3.5-venv python3.5-doc
The following NEW packages will be installed:
  bwc-enterprise bwc-ui dh-python file git git-man ifupdown iproute2 isc-dhcp-client isc-dhcp-common less libatm1 libbsd0 libc-dev-bin libc6-dev libdns-export162 libedit2 liberror-perl
  libexpat1 libexpat1-dev libffi-dev libgdbm3 libisc-export160 libmagic1 libmnl0 libmpdec2 libperl5.22 libpopt0 libpython-dev libpython2.7 libpython2.7-dev libpython2.7-minimal
  libpython2.7-stdlib libpython3-stdlib libpython3.5-minimal libpython3.5-stdlib libssl-dev libssl-doc libwrap0 libx11-6 libx11-data libxau6 libxcb1 libxdmcp6 libxext6 libxmuu1
  libxtables11 libyaml-0-2 linux-libc-dev manpages manpages-dev mime-support ncurses-term netbase openssh-client openssh-server openssh-sftp-server patch perl perl-modules-5.22
  python2.7 python2.7-minimal python3 python3-chardet python3-minimal python3-pkg-resources python3-requests python3-six python3-urllib3 python3.5 python3.5-minimal rename rsync
  ssh-import-id st2 st2-auth-ldap st2flow sudo tcpd wget xauth zlib1g-dev
0 upgraded, 82 newly installed, 0 to remove and 2 not upgraded.
Need to get 90.5 MB of archives.
After this operation, 360 MB of additional disk space will be used.

First step

The first dependency candidate to remove is openssh-server:

root@0a1cd8b86d1f:/# apt-get install openssh-server
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  dh-python file libbsd0 libedit2 libexpat1 libmagic1 libmpdec2 libpython3-stdlib libpython3.5-minimal libpython3.5-stdlib libwrap0 libx11-6 libx11-data libxau6 libxcb1 libxdmcp6
  libxext6 libxmuu1 mime-support ncurses-term openssh-client openssh-sftp-server python3 python3-chardet python3-minimal python3-pkg-resources python3-requests python3-six
  python3-urllib3 python3.5 python3.5-minimal ssh-import-id tcpd wget xauth
Suggested packages:
  libdpkg-perl ssh-askpass libpam-ssh keychain monkeysphere rssh molly-guard ufw python3-doc python3-tk python3-venv python3-setuptools python3-ndg-httpsclient python3-openssl
  python3-pyasn1 python3.5-venv python3.5-doc binutils binfmt-support
The following NEW packages will be installed:
  dh-python file libbsd0 libedit2 libexpat1 libmagic1 libmpdec2 libpython3-stdlib libpython3.5-minimal libpython3.5-stdlib libwrap0 libx11-6 libx11-data libxau6 libxcb1 libxdmcp6
  libxext6 libxmuu1 mime-support ncurses-term openssh-client openssh-server openssh-sftp-server python3 python3-chardet python3-minimal python3-pkg-resources python3-requests
  python3-six python3-urllib3 python3.5 python3.5-minimal ssh-import-id tcpd wget xauth
0 upgraded, 36 newly installed, 0 to remove and 2 not upgraded.
Need to get 7,766 kB of archives.
After this operation, 44.2 MB of additional disk space will be used.

See why we do it: StackStorm/st2-packages#379. While we definitely need ssh client, can probably get rid of ssh server requirements for a Docker-friendly install.

Additionally, ssh server adds more burden to secrets handling, see from the installation:

Creating SSH2 RSA key; this may take some time ...
2048 SHA256:qIk57cnYNyPQf6O09jRosiYTJhKAszrp28GmU9oAKKI root@00dd8fb34e12 (RSA)
Creating SSH2 DSA key; this may take some time ...
1024 SHA256:6Pfoc2w3G5yEoWtNZyU+tw7LS2M12VAf0uCcMzXDbgc root@00dd8fb34e12 (DSA)
Creating SSH2 ECDSA key; this may take some time ...
256 SHA256:2AuYwxhCeRM7sj7caaaT8EPM1TqpCZ3AjMcRpb72n00 root@00dd8fb34e12 (ECDSA)
Creating SSH2 ED25519 key; this may take some time ...
256 SHA256:pcCj21tGyRQ+nqJS1KCVKvk+rSoIooLNTCXBvd6lcy4 root@00dd8fb34e12 (ED25519)