diff --git a/Dockerfile b/Dockerfile index d23cf63582de3d840f4e64c8a88321dbd50df08c..e3dfa15dba60c509de1dc2bf26eba9ecc241dc3a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ ARG BASE_REGISTRY=registry1.dsop.io ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8 ARG BASE_TAG=8.3 -FROM bitnami/airflow:2.0.1-debian-10-r53 as base +FROM bitnami/airflow:2.0.2-debian-10-r7 as base FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} ARG BITNAMI_HOME=/opt/bitnami ARG BITNAMI_DIR=/bitnami @@ -16,6 +16,7 @@ ENV BITNAMI_PKG_EXTRA_DIRS="/opt/bitnami/airflow/dags" \ COPY --from=base ${BITNAMI_HOME} ${BITNAMI_HOME} COPY --from=base ${BITNAMI_DIR} ${BITNAMI_DIR} COPY --from=base \ + /usr/lib/x86_64-linux-gnu/libmariadb.so.3 \ /lib/x86_64-linux-gnu/libbz2.so.1.0 \ /usr/lib64/ @@ -47,7 +48,7 @@ RUN /opt/bitnami/scripts/airflow/postunpack.sh && \ ENV AIRFLOW_HOME="/opt/bitnami/airflow" \ BITNAMI_APP_NAME="airflow" \ - BITNAMI_IMAGE_VERSION="2.0.1-debian-10-r51" \ + BITNAMI_IMAGE_VERSION="2.0.2-debian-10-r7" \ LANG="en_US.UTF-8" \ LANGUAGE="en_US:en" \ LD_LIBRARY_PATH="/opt/bitnami/python/lib/:/opt/bitnami/airflow/venv/lib/python3.8/site-packages/numpy.libs/:$LD_LIBRARY_PATH" \ diff --git a/README.md b/README.md index 8093895f28b8d26a07b4b7de031760e71c3271b5..906ffc64aa4309b967700220a8514569ab567c49 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,5 @@ -# +# What is Apache Airflow? -<<<<<<< Updated upstream -Project template for all Iron Bank container repositories. -======= > Airflow is a platform to programmatically author, schedule and monitor workflows. https://airflow.apache.org/ @@ -37,8 +34,8 @@ You can find the default credentials and available configuration options in the Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags [in our documentation page](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers/). -* [`2`, `2-debian-10`, `2.0.1`, `2.0.1-debian-10-r50`, `latest` (2/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-airflow/blob/2.0.1-debian-10-r50/2/debian-10/Dockerfile) -* [`1`, `1-debian-10`, `1.10.15`, `1.10.15-debian-10-r17` (1/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-airflow/blob/1.10.15-debian-10-r17/1/debian-10/Dockerfile) +* [`2`, `2-debian-10`, `2.0.2`, `2.0.2-debian-10-r7`, `latest` (2/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-airflow/blob/2.0.2-debian-10-r7/2/debian-10/Dockerfile) +* [`1`, `1-debian-10`, `1.10.15`, `1.10.15-debian-10-r37` (1/debian-10/Dockerfile)](https://github.com/bitnami/bitnami-docker-airflow/blob/1.10.15-debian-10-r37/1/debian-10/Dockerfile) Subscribe to project updates by watching the [bitnami/airflow GitHub repo](https://github.com/bitnami/bitnami-docker-airflow). @@ -483,4 +480,3 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. ->>>>>>> Stashed changes diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 15012fd7e092990ea41054b7bd47d69a934f7573..1c5e0b8e7fdeb969a19cd5577ce01d5081c829f1 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -8,7 +8,7 @@ name: "bitnami/airflow" # The most specific version should be the first tag and will be shown # on ironbank.dsop.io tags: -- "2.0.1" +- "2.0.2" # Build args passed to Dockerfile ARGs args: @@ -26,7 +26,7 @@ labels: org.opencontainers.image.url: "https://airflow.apache.org" ## Name of the distributing entity, organization or individual org.opencontainers.image.vendor: "Bitnami" - org.opencontainers.image.version: "2.0.1" + org.opencontainers.image.version: "2.0.2" ## Keywords to help with search (ex. "cicd,gitops,golang") mil.dso.ironbank.image.keywords: "workflows,dags,tasks" ## This value can be "opensource" or "commercial" @@ -36,48 +36,18 @@ labels: # List of resources to make available to the offline build context resources: -- tag: bitnami/airflow:2.0.1-debian-10-r53 - url: docker://docker.io/bitnami/airflow@sha256:4a151e0f304bffa5d2804de9c2ef26200002a655ee46420a571684b19267e4a4 +- tag: bitnami/airflow:2.0.2-debian-10-r7 + url: docker://docker.io/bitnami/airflow@sha256:16218f6758effc084a391095feebe660f1b764f74e9f6a89f33c96a3524b9a1b - filename: thrift-0.14.1.tar.gz url: https://apache.osuosl.org/thrift/0.14.1/thrift-0.14.1.tar.gz validation: type: sha256 value: 13da5e1cd9c8a3bb89778c0337cc57eb0c29b08f3090b41cf6ab78594b410ca5 -- filename: pylint-2.7.2-py3-none-any.whl - url: https://files.pythonhosted.org/packages/b3/66/af8f80d4fa77dcd4cba9e56e136522838920a2eaf6794b784e1f377f84d9/pylint-2.7.2-py3-none-any.whl +- filename: httplib2-0.19.0-py3-none-any.whl + url: https://files.pythonhosted.org/packages/15/7e/51e5bd333c0afa1c7bdbf98eb3b0ccf5167e2b1ecc8b4d13e9cc29291f81/httplib2-0.19.0-py3-none-any.whl validation: type: sha256 - value: d09b0b07ba06bcdff463958f53f23df25e740ecd81895f7d2699ec04bbd8dc3b -- filename: networkx-2.5.1-py3-none-any.whl - url: https://files.pythonhosted.org/packages/f3/b7/c7f488101c0bb5e4178f3cde416004280fd40262433496830de8a8c21613/networkx-2.5.1-py3-none-any.whl - validation: - type: sha256 - value: 0635858ed7e989f4c574c2328380b452df892ae85084144c73d8cd819f0c4e06 -- filename: decorator-4.4.2-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/ed/1b/72a1821152d07cf1d8b6fce298aeb06a7eb90f4d6d41acec9861e7cc6df0/decorator-4.4.2-py2.py3-none-any.whl - validation: - type: sha256 - value: 41fa54c2a0cc4ba648be4fd43cff00aedf5b9465c9bf18d64325bc225f08f760 -- filename: aiohttp-3.7.4.post0-cp38-cp38-manylinux2014_x86_64.whl - url: https://files.pythonhosted.org/packages/a6/76/f18138b0ff84fcd939667a2efc2e1b49c871299f9091f84c06bb4c350c01/aiohttp-3.7.4.post0-cp38-cp38-manylinux2014_x86_64.whl - validation: - type: sha256 - value: 79ebfc238612123a713a457d92afb4096e2148be17df6c50fb9bf7a81c2f8013 -- filename: azure_storage_blob-12.8.0-py2.py3-none-any.whl - url: https://files.pythonhosted.org/packages/09/14/4ca417a9c92b0fb93516575dd7be9b058bf13d531dcc21239b5f8f216a69/azure_storage_blob-12.8.0-py2.py3-none-any.whl - validation: - type: sha256 - value: 46999df6e2cde8773739f7c3bd1eb5846d4b7dc1ef6e2161f3b6d1d0f21726ba -- filename: pytest-6.2.3-py3-none-any.whl - url: https://files.pythonhosted.org/packages/76/4d/9c00146923da9f1cabd1878209d71b1380d537ec331a1a613e8f4b9d7985/pytest-6.2.3-py3-none-any.whl - validation: - type: sha256 - value: 6ad9c7bdf517a808242b998ac20063c41532a570d088d77eec1ee12b0b5574bc -- filename: astroid-2.5.1-py3-none-any.whl - url: https://files.pythonhosted.org/packages/f1/49/d51e5ce77ea234ee416966e489283512a9852f78d9ff125747eae29e7b69/astroid-2.5.1-py3-none-any.whl - validation: - type: sha256 - value: 21d735aab248253531bb0f1e1e6d068f0ee23533e18ae8a6171ff892b98297cf + value: 749c32603f9bf16c1277f59531d502e8f1c2ca19901ae653b49c4ed698f0820e - filename: Babel-2.9.1-py2.py3-none-any.whl url: https://files.pythonhosted.org/packages/aa/96/4ba93c5f40459dc850d25f9ba93f869a623e77aaecc7a9344e19c01942cf/Babel-2.9.1-py2.py3-none-any.whl validation: diff --git a/prebuildfs/opt/bitnami/.bitnami_components.json b/prebuildfs/opt/bitnami/.bitnami_components.json index 67b2f7866024a4f63d6f447a260ba54309f7e8c5..b5ccf134e9a626786d1edbde6a7191ebc654f292 100644 --- a/prebuildfs/opt/bitnami/.bitnami_components.json +++ b/prebuildfs/opt/bitnami/.bitnami_components.json @@ -1,10 +1,10 @@ { "airflow": { "arch": "amd64", - "digest": "d837c8af9305cfcbed7dd0493336ba0e38d7a3aa211192a8f05d117a7b7734ab", + "digest": "3e17197854fd63215cef17296619809f92aad1d5f65f11826c58f40ce8cc914c", "distro": "debian-10", "type": "NAMI", - "version": "2.0.1-4" + "version": "2.0.2-0" }, "gosu": { "arch": "amd64", @@ -29,10 +29,10 @@ }, "python": { "arch": "amd64", - "digest": "4f1f6b81a3617dfaaa2c579510118ef6df07119977a5d6ca7df3cf485fca709a", + "digest": "b7a37a0590eff13717c191c90dc277f26706196c5fbf2a6b79019bd9f1032f68", "distro": "debian-10", "type": "NAMI", - "version": "3.8.9-0" + "version": "3.8.10-2" }, "wait-for-port": { "arch": "amd64", diff --git a/prebuildfs/opt/bitnami/scripts/libvalidations.sh b/prebuildfs/opt/bitnami/scripts/libvalidations.sh index 8d827924afe45f3e0ca361c081947fa5ac940bd6..ca5afc91c7b5e89a6e7593c1547e345082d7c115 100644 --- a/prebuildfs/opt/bitnami/scripts/libvalidations.sh +++ b/prebuildfs/opt/bitnami/scripts/libvalidations.sh @@ -181,7 +181,7 @@ validate_ipv4() { local stat=1 if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then - read -r -a ip_array <<< "$(tr '.' ' ' <<< "$ip")" + read -r -a ip_array <<< "$(tr '.' ' ' <<< "$ip")" [[ ${ip_array[0]} -le 255 && ${ip_array[1]} -le 255 \ && ${ip_array[2]} -le 255 && ${ip_array[3]} -le 255 ]] stat=$? diff --git a/prebuildfs/opt/bitnami/scripts/libwebserver.sh b/prebuildfs/opt/bitnami/scripts/libwebserver.sh index 25bff4a05105695386164251442995542fb9ddc7..1280134f015c62ebe31a5427130177f526f48b61 100644 --- a/prebuildfs/opt/bitnami/scripts/libwebserver.sh +++ b/prebuildfs/opt/bitnami/scripts/libwebserver.sh @@ -180,6 +180,7 @@ web_server_reload() { # --apache-move-htaccess - Move .htaccess files to a common place so they can be loaded during Apache startup # NGINX-specific flags: # --nginx-additional-configuration - Additional server block configuration (no default) +# --nginx-external-configuration - Configuration external to server block (no default) # Returns: # true if the configuration was enabled, false otherwise ######################## @@ -212,6 +213,7 @@ ensure_web_server_app_configuration_exists() { | --apache-before-vhost-configuration \ | --apache-allow-override \ | --apache-extra-directory-configuration \ + | --apache-proxy-address \ | --apache-move-htaccess \ ) apache_args+=("${1//apache-/}" "${2:?missing value}") @@ -219,7 +221,8 @@ ensure_web_server_app_configuration_exists() { ;; # Specific NGINX flags - --nginx-additional-configuration) + --nginx-additional-configuration \ + | --nginx-external-configuration) nginx_args+=("${1//nginx-/}" "${2:?missing value}") shift ;; diff --git a/rootfs/opt/bitnami/scripts/airflow/entrypoint.sh b/rootfs/opt/bitnami/scripts/airflow/entrypoint.sh index c808f10806453564911530ce45198679d552c011..8fc90751a0ad4008b22072995e878e7accfbe2f7 100755 --- a/rootfs/opt/bitnami/scripts/airflow/entrypoint.sh +++ b/rootfs/opt/bitnami/scripts/airflow/entrypoint.sh @@ -16,6 +16,21 @@ set -o pipefail print_welcome_page +if ! am_i_root && [[ -e "$LIBNSS_WRAPPER_PATH" ]]; then + info "Enabling non-root system user with nss_wrapper" + echo "airflow:x:$(id -u):$(id -g):Airflow:$AIRFLOW_HOME:/bin/false" > "$NSS_WRAPPER_PASSWD" + echo "airflow:x:$(id -g):" > "$NSS_WRAPPER_GROUP" + + export LD_PRELOAD="$LIBNSS_WRAPPER_PATH" +fi + +# Install custom python package if requirements.txt is present +if [[ -f "/bitnami/python/requirements.txt" ]]; then + . /opt/bitnami/airflow/venv/bin/activate + pip install -r /bitnami/python/requirements.txt + deactivate +fi + if [[ "$*" = *"/opt/bitnami/scripts/airflow/run.sh"* || "$*" = *"/run.sh"* ]]; then info "** Starting Airflow setup **" /opt/bitnami/scripts/airflow/setup.sh diff --git a/rootfs/opt/bitnami/scripts/libairflow.sh b/rootfs/opt/bitnami/scripts/libairflow.sh index 7a6cde93e21fd80077caec15c7408fd7ef33188b..92549cfb95b1d29a525705106e295f8bdd832cad 100644 --- a/rootfs/opt/bitnami/scripts/libairflow.sh +++ b/rootfs/opt/bitnami/scripts/libairflow.sh @@ -2,8 +2,7 @@ # Bitnami Airflow library -# shellcheck disable=SC1091 -# shellcheck disable=SC2153 +# shellcheck disable=SC1091,SC2153 # Load Generic Libraries . /opt/bitnami/scripts/libfile.sh @@ -23,9 +22,17 @@ # Arguments: # None # Returns: -# None +# 0 if the validation succeeded, 1 otherwise ######################### airflow_validate() { + local error_code=0 + + # Auxiliary functions + print_validation_error() { + error "$1" + error_code=1 + } + # Check postgresql host [[ -z "$AIRFLOW_DATABASE_HOST" ]] && print_validation_error "Missing AIRFLOW_DATABASE_HOST" @@ -46,6 +53,8 @@ airflow_validate() { [[ -z "$AIRFLOW_POOL_DESC" ]] && print_validation_error "Provided AIRFLOW_POOL_NAME but missing AIRFLOW_POOL_DESC" [[ -z "$AIRFLOW_POOL_SIZE" ]] && print_validation_error "Provided AIRFLOW_POOL_NAME but missing AIRFLOW_POOL_SIZE" fi + + return "$error_code" } ######################## @@ -429,4 +438,4 @@ is_airflow_not_running() { airflow_stop() { info "Stopping Airflow..." stop_service_using_pid "$AIRFLOW_PID_FILE" -} \ No newline at end of file +}