initial commit

Dockerfile

+ARG BASE_REGISTRY=registry1.dsop.io
+ARG BASE_IMAGE=confluentinc/cp-zookeeper
+ARG BASE_TAG=5.5.2
+
+FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
+
+USER root
+
+ARG IMAGE_VERSION='5.5.2'
+ENV IMAGE_VERSION=${IMAGE_VERSION}
+ARG DOCKER_UPSTREAM_TAG
+ENV CONFLUENT_VERSION=${DOCKER_UPSTREAM_TAG}
+
+ENV ZOOKEEPER_CONFIG_DIR=/mnt/config
+ENV ZOOKEEPER_SECRETS_DIR=/mnt/secrets
+ENV ZOOKEEPER_LOG4J_DIR=/mnt/log
+ENV ZOOKEEPER_LOG_DIR=/mnt/data/txnlog
+ENV ZOOKEEPER_DATA_DIR=/mnt/data/data
+
+ENV DOCKER_SCRIPT_DIR=/opt/caas/bin
+ENV COMPONENT_SCRIPT_DIR=/opt/confluent/etc
+
+LABEL io.k8s.display-name="Confluent Zookeeper" \
+      io.k8s.description="Confluent Zookeeper for Confluent Operator" \
+      io.openshift.tags="confluent operator,confluent platform,event-streaming,zookeeper" \
+      name="Confluent Zookeeper" \
+      maintainer="Confluent Platform <operator@confluent.io>" \
+      vendor="Confluent, Inc" \
+      version="$IMAGE_VERSION" \
+      release="$IMAGE_VERSION" \
+      summary="Confluent Zookeeper Image for Confluent Operator" \
+      description="Confluent Zookeeper"
+
+WORKDIR /opt
+
+COPY opt/caas/lib/ /opt/caas/lib/
+COPY opt/plugins/ /usr/share/java/cc-base/
+COPY include/opt/caas /opt/caas
+
+RUN yum install -y openssl findutils && yum clean all && mkdir -p "${ZOOKEEPER_DATA_DIR}" "${ZOOKEEPER_LOG4J_DIR}" "${ZOOKEEPER_LOG_DIR}" "${ZOOKEEPER_CONFIG_DIR}" "${COMPONENT_SCRIPT_DIR}/${COMPONENT}" \
+   	&& chmod -R ag+w "${ZOOKEEPER_LOG4J_DIR}" "${ZOOKEEPER_LOG_DIR}" "${ZOOKEEPER_CONFIG_DIR}" "$ZOOKEEPER_DATA_DIR" "/opt"
+
+CMD ["/opt/caas/bin/run"]
+USER 1001
\ No newline at end of file

include/opt/caas/bin/configure

+#!/usr/bin/env bash
+#
+# Copyright 2018 Confluent Inc.
+#
+
+set -o nounset \
+    -o errexit
+
+dub ensure ZOOKEEPER_SECRETS_DIR
+dub ensure ZOOKEEPER_DATA_DIR
+dub ensure ZOOKEEPER_LOG4J_DIR
+dub ensure CAAS_POD_ID
+dub path "$ZOOKEEPER_DATA_DIR" writable
+
+id=${CAAS_POD_ID##*-};
+MYID_DEST_PATH="${ZOOKEEPER_DATA_DIR}/myid"
+echo ${id} > ${ZOOKEEPER_CONFIG_DIR}/myid
+MYID_SRC_PATH="${ZOOKEEPER_CONFIG_DIR}/myid"
+
+if [[ -f "${MYID_DEST_PATH}" ]]
+then
+  echo "$MYID_DEST_PATH already exists."
+  if cmp -s "$MYID_DEST_PATH" "$MYID_SRC_PATH"
+  then
+    echo "Contents of $MYID_DEST_PATH and $MYID_SRC_PATH match"
+  else
+    echo "Contents of $MYID_DEST_PATH and $MYID_SRC_PATH are different"
+    echo "===> Printing contents of $MYID_DEST_PATH"
+    cat "${MYID_DEST_PATH}"
+    echo "===> Printing contents of $MYID_SRC_PATH"
+    cat "${MYID_SRC_PATH}"
+    exit 1
+fi
+else
+  echo "$MYID_DEST_PATH not found."
+  echo "Copying ${MYID_SRC_PATH} to ${MYID_DEST_PATH}"
+  cp ${MYID_SRC_PATH} ${MYID_DEST_PATH}
+fi
+
+if [ -e /mnt/secrets/jksPassword.txt ]; then
+	export KEYSTOREPASSWORD=$(echo $(cat /mnt/secrets/jksPassword.txt | cut -d '='  -f2-) | sed 's/ *$//g')
+else
+	export KEYSTOREPASSWORD=mystorepassword
+fi
+create_keystore() {
+	keystore_path=$1
+	extra_certfile=${2:-""}
+	if [ -e /mnt/sslcerts/fullchain.pem ] && [ -e /mnt/sslcerts/privkey.pem ]; then
+  
+		args="-export
+			-in /mnt/sslcerts/fullchain.pem
+			-inkey /mnt/sslcerts/privkey.pem
+			-out /tmp/pkcs.p12
+			-name ${COMPONENT}
+			-passout pass:mykeypassword"
+
+		if [ ! -z ${extra_certfile} ] && [ -e ${extra_certfile} ]; then
+			args="${args} -certfile ${extra_certfile}"
+		fi
+		openssl pkcs12 ${args}
+
+		keytool -importkeystore \
+			-deststorepass ${KEYSTOREPASSWORD} \
+			-destkeypass ${KEYSTOREPASSWORD} \
+			-destkeystore ${keystore_path} \
+			-deststoretype pkcs12 \
+			-srckeystore /tmp/pkcs.p12 \
+			-srcstoretype PKCS12 \
+			-srcstorepass mykeypassword
+	fi
+}
+create_keystore /tmp/keystore.jks
+
+##
+## Put all CAs provided as part of caCerts.pem file to truststore
+##
+if [ -e /mnt/sslcerts/cacerts.pem ]; then
+mkdir -p /tmp/trustCAs
+cat /mnt/sslcerts/cacerts.pem | awk 'split_after==1{n++;split_after=0} /-----END CERTIFICATE-----/ {split_after=1} {print > ("/tmp/trustCAs/ca" n ".pem")}'
+for file in /tmp/trustCAs/*; do
+  fileName="${file##*/}"
+  keytool -import \
+          -trustcacerts \
+          -alias "$fileName" \
+          -file "$file" \
+          -keystore /tmp/truststore.jks \
+          -deststorepass ${KEYSTOREPASSWORD} \
+          -noprompt
+done
+fi
+
+cat ${ZOOKEEPER_CONFIG_DIR}/shared/zookeeper.properties > ${COMPONENT_SCRIPT_DIR}/${COMPONENT}/"${COMPONENT}".properties
+cat ${ZOOKEEPER_CONFIG_DIR}/zookeeper.properties >> ${COMPONENT_SCRIPT_DIR}/${COMPONENT}/"${COMPONENT}".properties
+cat ${ZOOKEEPER_CONFIG_DIR}/shared/log4j.properties >  ${COMPONENT_SCRIPT_DIR}/${COMPONENT}/log4j.properties
+cat ${ZOOKEEPER_CONFIG_DIR}/log4j.properties >> ${COMPONENT_SCRIPT_DIR}/${COMPONENT}/log4j.properties
+cat ${ZOOKEEPER_CONFIG_DIR}/shared/disk-usage-agent.properties >  ${COMPONENT_SCRIPT_DIR}/${COMPONENT}/disk-usage-agent.properties
+cat ${ZOOKEEPER_CONFIG_DIR}/shared/jvm.config > ${COMPONENT_SCRIPT_DIR}/${COMPONENT}/jvm.config
+cat ${ZOOKEEPER_CONFIG_DIR}/jvm.config >> ${COMPONENT_SCRIPT_DIR}/${COMPONENT}/jvm.config
+if [ -e ${ZOOKEEPER_CONFIG_DIR}/shared/jolokia.config ]; then
+	create_keystore /tmp/jolokia-keystore.jks /mnt/sslcerts/cacerts.pem
+  cat ${ZOOKEEPER_CONFIG_DIR}/shared/jolokia.config > ${COMPONENT_SCRIPT_DIR}/${COMPONENT}/jolokia.config
+fi
+cp /opt/caas/templates/jmx-exporter.yaml.j2 ${COMPONENT_SCRIPT_DIR}/jmx-exporter.yaml
+find ${COMPONENT_SCRIPT_DIR} -type f | xargs sed -i  "s/<<keystorepassword>>/${KEYSTOREPASSWORD}/g"

include/opt/caas/bin/ensure

+#!/usr/bin/env bash
+#
+# Copyright 2018 Confluent Inc.
+#
+set -o nounset \
+    -o errexit
+
+
+echo "===> Check that data dir is writable ..."
+dub path "$ZOOKEEPER_DATA_DIR" writable
+
+echo "===> Check that wal dir is writable ..."
+dub path "$ZOOKEEPER_LOG_DIR" writable
+
+echo "===> Check that log dir is writable ..."
+dub path "$ZOOKEEPER_LOG4J_DIR" writable
\ No newline at end of file

include/opt/caas/bin/launch

+#!/usr/bin/env bash
+#
+# Copyright 2018 Confluent Inc.
+#
+set -o errexit
+
+echo "===> Adding disk usage agent to the java command ... " 
+export EXTRA_ARGS="${EXTRA_ARGS} -javaagent:/usr/share/java/cc-base/disk-usage-agent-${CONFLUENT_VERSION}.jar=${COMPONENT_SCRIPT_DIR}/${COMPONENT}/disk-usage-agent.properties"
+
+echo "===> Adding jolokia agent to the java command ... " 
+export JOLOKIA_AGENT_PORT=${JOLOKIA_AGENT_PORT:-7777}
+export JOLOKIA_AGENT_HOST=${JOLOKIA_AGENT_HOST:-"0.0.0.0"}
+if [ -e "${COMPONENT_SCRIPT_DIR}/${COMPONENT}/jolokia.config" ]; then
+    export JOLOKIA_EXTRA_ARGS=",$(cat ${COMPONENT_SCRIPT_DIR}/${COMPONENT}/jolokia.config | xargs)"
+fi
+export EXTRA_ARGS="${EXTRA_ARGS} -javaagent:/opt/caas/lib/jolokia/jolokia-jvm-1.6.2-agent.jar=port=${JOLOKIA_AGENT_PORT},host=${JOLOKIA_AGENT_HOST}${JOLOKIA_EXTRA_ARGS}"
+
+echo "===> Adding jmx exporter to the java command ... " 
+export JMX_EXPORTER_AGENT_PORT=${JMX_EXPORTER_AGENT_PORT:-7778}
+export JMX_EXPORTER_AGENT_HOST=${JMX_EXPORTER_AGENT_HOST:-"0.0.0.0"}
+
+export EXTRA_ARGS="${EXTRA_ARGS} -javaagent:/opt/caas/lib/jmx_prometheus_javaagent-0.14.0.jar=${JMX_EXPORTER_AGENT_PORT}:${COMPONENT_SCRIPT_DIR}/jmx-exporter.yaml"
+
+# print all configurations
+# we always run Zookeeper as a cluster
+echo "===> Printing ${ZOOKEEPER_DATA_DIR}/myid "
+cat "${ZOOKEEPER_DATA_DIR}"/myid
+
+echo "===> Printing ${COMPONENT_SCRIPT_DIR}/${COMPONENT}/log4j.properties"
+export KAFKA_LOG4J_OPTS="-Dlog4j.configuration=file:${COMPONENT_SCRIPT_DIR}/${COMPONENT}/log4j.properties"
+
+echo "===> Adding logging json layout to CLASSPATH ... "
+export CLASSPATH=/usr/share/java/cc-base/log4j-json-layout-${CONFLUENT_VERSION}.jar
+
+echo "===> Adding JVM config to the java command ... "
+export EXTRA_ARGS="$(cat ${COMPONENT_SCRIPT_DIR}/${COMPONENT}/jvm.config | xargs) ${EXTRA_ARGS}"
+# These ensure that the "if" sections for heap sizing and GC tuning in kafka launch script does not trigger.
+export KAFKA_HEAP_OPTS=' '
+export KAFKA_JVM_PERFORMANCE_OPTS=' '
+echo "===> Launching ${COMPONENT} ... "
+exec zookeeper-server-start ${COMPONENT_SCRIPT_DIR}/${COMPONENT}/zookeeper.properties

include/opt/caas/bin/run

+#!/usr/bin/env bash
+#
+# Copyright 2018 Confluent Inc.
+#
+set -o nounset \
+    -o errexit
+
+echo "===> User"
+id
+
+echo "===> Configuring ..."
+${DOCKER_SCRIPT_DIR}/configure
+
+echo "===> Running preflight checks ... "
+${DOCKER_SCRIPT_DIR}/ensure
+
+echo "===> Launching ... "
+exec ${DOCKER_SCRIPT_DIR}/launch

include/opt/caas/templates/jmx-exporter.yaml.j2

+lowercaseOutputLabelNames: false
+lowercaseOutputName: true

licenses/licenses/confluent.txt

+Copyright 2020 Confluent, Inc.