server: Optimize docker image sizes

cchudant commented 2 years ago

Description

On dockerhub, the images are very very big:

software => 852.76 MB
hardware => 929MB
hardware-dcsv3 => 853.85 MB

This is the compressed size, meaning the actual sizes are even bigger

Result of docker images <image> --format "{{.Size}}" currently (uncompressed size)

software => 2.96GB
hardware => 3.17GB
hardware-dcsv3 => 2.98GB

This pull request changes the uncompressed sizes to:

software => 281MB
hardware => 532MB (still big, it contains nodejs..)
hardware-dcsv3 => 286MB

I don't have the numbers for the compressed sizes

How is that possible?

Docker works on an overlay filesystem. This means, every time we use an instruction such as RUN during the build, it will create a new filesystem layer. The final image is just every layer overlapped on one another. This means that if we install a temporary dependency in a RUN command, we have to uninstall it in the same RUN command, or else, it will still impact the image size after being uninstalled.

The way this new Dockerfile works is by creating separate images for building the app and running it. Build images are quite big since they have all the build dependencies, and run images are as slim as possible, and optimized for size.

Docs: Developer environment

This PR introduces a base-build stage/image that has almost everything you need for developing on BlindAI server. This is a good opportunity to document how to create a proper dev environment for the server on the docs, using docker and vscode.

Something like

DOCKER_BUILDKIT=1 docker build \
  -f ./server/docker/build.dockerfile \
  -t blindai-dev-env \
  --target base-build \
  --name blindai-dev-env \
  --volume $(pwd):/blindai \
#  --device /dev/sgx/enclave \
#  --device /dev/sgx/provision \
  ./server

What do you think? Where in the docs would that fit?

Related Issue

None

Type of change

[ ] This change requires a documentation update
[ ] This change affects the client
[x] This change affects the server
[ ] This change affects the API
[ ] This change only concerns the documentation

How Has This Been Tested?

This has been tested in software mode on my machine. The images compile fine in hardware and hardware-dcsv3 mode, but I will need to test on actual machines to make sure I did not break anything (CI doesn't check hardware and hardware-dcsv3 yet)

This PR is marked as draft until I do these tests.

Checklist:

[x] My code follows the style guidelines of this project
[x] I have performed a self-review of my code
[x] I have commented my code, particularly in hard-to-understand areas
[ ] My changes generate no new warnings
[ ] I have updated the documentation according to my changes

JoFrost commented 2 years ago

Please check on the DCAP VM to do your tests. Do you still have the credentials?

cchudant commented 2 years ago

Please check on the DCAP VM to do your tests. Do you still have the credentials?

Yes I have! :)

JoFrost commented 2 years ago

I forgot to comment but I really like the idea of having a custom dev env

cchudant commented 2 years ago

I have ran the tests with the VM, for hardware, hardware-dcsv3. I had to make a minor change (see the last commit 3 days ago), I ran the tests again today, and it works! I'm excited to see how much of an improvement this is for the compressed sizes on dockerhub.

JoFrost commented 2 years ago

I'll test a bit on my side but this should be merged pretty fast. The version 0.3.0 will hopefully be live this week :D

mithril-security / blindai