UNCLASSIFIED - NO CUI

Skip to content
Snippets Groups Projects
Commit 1c0a4b1d authored by Alexander Klepal's avatar Alexander Klepal
Browse files

Merge branch '7.2.0' into 'development' 

init

See merge request dsop/confluent/confluentinc/cp-enterprise-replicator-7.2.x!20
parents 89e7ffbc cef88934
No related branches found
No related tags found
2 merge requests!21Development,!20init
Pipeline #881700 passed with warnings
Stage: .pre
Stage: lint
Stage: import-artifacts
Stage: build
Stage: post-build
Stage: sbom-access-log
Stage: scanning
Stage: vat
Stage: csv-output
Stage: check-cves
Hide whitespace changes
Inline Side-by-side
Showing
with 865 additions and 2 deletions
Dockerfile 0 → 100644
+ 133
0
View file @ 1c0a4b1d
ARG BASE_REGISTRY=registry1.dso.mil
ARG BASE_IMAGE=redhat/openjdk/openjdk11
ARG BASE_TAG=1.11
FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
# This affects how strings in Java class files are interpreted.
# We want UTF-8 and this is the only locale in the base image that supports it
ENV LANG="C.UTF-8"
# IB custom ENV vars
ENV RPM_VERSION=7.2.0-1
ENV IMG_TAR_VERSION =7.2.0-1
USER root
########################################
## Install Python
RUN dnf update -y --nodocs && dnf install -y --nodocs python3 openssl tar procps iputils hostname \
&& ln -s /usr/bin/python3 /usr/bin/python \
&& ln -s /usr/bin/pip3 /usr/bin/pip \
&& alias python=python3 \
&& alias pip=pip3 \
&& alternatives --set python /usr/bin/python3
## Python Installed
########################################
########################################
## Add the Confluent Docker Utility Belt which helps with starting the proper applications
## https://github.com/confluentinc/common-docker/tree/master/utility-belt
COPY cp-base-new_*_UsrLocalLib64.tar.gz /usr/local
COPY cp-base-new_*_UsrLocalLib.tar.gz /usr/local
COPY cp-base-new_*_UsrShareJavaCp-base-new.tar.gz /usr/share/java
COPY confluent_docker_utils-0.0.52-py3-none-any.whl /tmp/confluent_docker_utils-0.0.52-py3-none-any.whl
COPY *.whl /tmp/python-dependencies/
## copy in the python libs and then
RUN cd /usr/local && tar -xvf *_UsrLocalLib64.tar.gz && rm *_UsrLocalLib64.tar.gz \
&& tar -xvf *_UsrLocalLib.tar.gz && rm *_UsrLocalLib.tar.gz \
&& cd /usr/share/java && tar -xvf *_UsrShareJavaCp-base-new.tar.gz && rm *_UsrShareJavaCp-base-new.tar.gz \
&& pip3 install --no-index --prefix=/usr/local --find-links /tmp/python-dependencies/ /tmp/confluent_docker_utils-0.0.52-py3-none-any.whl
## dub installed
########################################
RUN mkdir -p /usr/logs /licenses \
&& useradd --no-log-init --create-home --shell /bin/bash appuser
COPY LICENSE /licenses
RUN chown appuser:appuser -R /usr/logs
############ ^^^^^ Base Container Details ^^^^^ ############
############################################################
############ vvvvv This Container Below vvvvv ############
# Copy required RPMs
COPY *.rpm /tmp/
COPY archive.key /tmp/
########################################
# confluentinc/kafka-replicator-images
# allow arg override of required env params
ARG KAFKA_ZOOKEEPER_CONNECT
ENV KAFKA_ZOOKEEPER_CONNECT=${KAFKA_ZOOKEEPER_CONNECT}
ARG KAFKA_ADVERTISED_LISTENERS
ENV KAFKA_ADVERTISED_LISTENERS=${KAFKA_ADVERTISED_LISTENERS}
## Operator stuff
RUN mkdir -p /etc/confluent/ironbank
## For auditing & debugging
COPY Dockerfile /etc/confluent/ironbank/
COPY hardening_manifest.yaml /etc/confluent/ironbank/
ENV COMPONENT=kafka-connect
ENV CONFLUENT_VERSION=7.2.0
ENV CUB_CLASSPATH='"/usr/share/java/cp-base-new/*"'
# primary
EXPOSE 9092
# rest
EXPOSE 8083
RUN echo "===> Installing ${COMPONENT}" \
&& rpm --import /tmp/archive.key \
&& rpm -ivh --nodigest /tmp/confluent-common-${RPM_VERSION}.noarch.rpm \
/tmp/confluent-rest-utils-${RPM_VERSION}.noarch.rpm \
/tmp/confluent-metadata-service-${RPM_VERSION}.noarch.rpm \
/tmp/confluent-server-${RPM_VERSION}.noarch.rpm \
/tmp/confluent-rebalancer-${RPM_VERSION}.noarch.rpm \
/tmp/confluent-security-${RPM_VERSION}.noarch.rpm \
/tmp/confluent-ce-kafka-http-server-${RPM_VERSION}.noarch.rpm \
/tmp/confluent-server-rest-${RPM_VERSION}.noarch.rpm \
/tmp/confluent-telemetry-${RPM_VERSION}.noarch.rpm \
/tmp/confluent-kafka-rest-${RPM_VERSION}.noarch.rpm \
/tmp/confluent-schema-registry-${RPM_VERSION}.noarch.rpm \
/tmp/confluent-control-center-${RPM_VERSION}.noarch.rpm \
/tmp/confluent-control-center-fe-${RPM_VERSION}.noarch.rpm \
/tmp/confluent-hub-client-${RPM_VERSION}.noarch.rpm \
/tmp/confluent-kafka-connect-replicator-${RPM_VERSION}.noarch.rpm \
&& echo "===> Clean up, Clean up" \
&& dnf clean all \
&& yum clean all \
&& rm -rf /tmp/* \
&& rm -rf /var/cache/dnf \
&& echo "===> Setting up ${COMPONENT} dirs ..." \
&& mkdir -p /usr/share/confluent-hub-components /var/lib/kafka/data /etc/kafka/secrets /etc/${COMPONENT} /etc/${COMPONENT}/secrets /etc/${COMPONENT}/jars /usr/logs \
&& chown appuser:root -R /etc/${COMPONENT} /usr/logs /etc/schema-registry /usr/share/confluent-hub-components /var/log/kafka /var/log/confluent /var/lib/kafka /var/lib/zookeeper /etc/kafka/secrets \
&& chmod -R ug+w /etc/kafka /var/lib/kafka/data /etc/kafka/secrets /etc/${COMPONENT} /etc/${COMPONENT}/secrets /etc/${COMPONENT}/jars /etc/schema-registry
ENV CONNECT_PLUGIN_PATH=/usr/share/java/,/usr/share/confluent-hub-components/
VOLUME ["/var/lib/kafka/data", "/etc/kafka/secrets", "/etc/${COMPONENT}/jars", "/etc/${COMPONENT}/secrets"]
COPY --chown=appuser:appuser scripts/include/etc/confluent/docker /etc/confluent/docker
USER appuser
CMD ["/etc/confluent/docker/run"]
# Polling period : 5 seconds
# Timeout period :10 seconds (if the polling does not return within this time, treat as a failed poll)
# Start-up period : 2 minutes (during which failures are not counted as failures)
# Retry period : 8 minutes (after which container is deemed unhealthy)
# All settings can be overriden at run-time in Docker/Docker Compose.
HEALTHCHECK --start-period=120s --interval=5s --timeout=10s --retries=96 \
CMD /usr/bin/kafka-topics --version
LICENSE 0 → 100644
+ 70
0
View file @ 1c0a4b1d
CONFLUENT LICENSE AGREEMENT
This Confluent License Agreement (“Agreement”) is a legal agreement between you (either an individual or an entity) (“Customer”) and Confluent, Inc. a Delaware corporation with offices at 101 University Avenue, Suite 111, Palo Alto, CA 94301 (“Confluent”), regarding proprietary software made available by Confluent for download in object code format (“Confluent Software”). BY CLICKING ON THE CHECKBOX THAT DEMONSTRATES ACCEPTANCE OF THIS AGREEMENT, OR BY USING THE CONFLUENT SOFTWARE, CUSTOMER EXPRESSLY ACCEPTS AND AGREES TO THE TERMS OF THIS AGREEMENT. IF YOU ARE AN INDIVIDUAL AGREEING TO THE TERMS OF THIS AGREEMENT ON BEHALF OF AN ENTITY, SUCH AS YOUR EMPLOYER, YOU REPRESENT THAT YOU HAVE THE LEGAL AUTHORITY TO BIND THAT ENTITY AND “CUSTOMER” SHALL REFER HEREIN TO SUCH ENTITY. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THE TERMS OF THIS AGREEMENT, YOU MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE SOFTWARE.
1. LICENSE
1.1 Evaluation License. Subject to the terms of this Agreement, Confluent grants to Customer a limited, non-exclusive, non-transferable license solely during the Evaluation Term (as defined below) to use the Confluent Software solely for evaluation use in development and testing environments, and not for production use. As used herein, “Evaluation Term” means thirty (30) days from the date of download by Customer or such other period specified in writing by Confluent.
1.2 Developer License. In addition to the license granted in Section 1.1, and subject to the terms of this Agreement, Confluent grants to Customer a limited, non-exclusive, non-transferable license to use the Confluent Software on one or more clusters with a single broker per cluster, solely for evaluation use in development and testing environments, and not for production use.
1.3 Confluent Connectors. If Customer has an active subscription to the Confluent Platform, then, except for any Confluent Connectors that are designated as “preview” releases, any Confluent Connectors that Customer downloads from Confluent’s website or otherwise receives from Confluent will be subject to the terms of Customer’s Confluent subscription agreement applicable to Confluent’s proprietary software, not the terms of this Agreement.
1.4 Additional Restrictions and Limitations. The licenses granted herein do not include a right to sublicense. Customer shall not, and shall not permit or encourage any third party to: (a) use the Confluent Software other than as expressly permitted by this Agreement, or use the Confluent Software for third-party training, software-as-a-service, time-sharing or service bureau use or (b) disassemble, decompile or reverse engineer any portions of the Confluent Software, or otherwise attempt to gain access to the source code to such Confluent Software (or the underlying ideas, algorithms, structure or organization of the object code in the Confluent Software). The foregoing restriction is inapplicable to the extent prohibited by applicable law; provided that, in the event that Customer intends to disassemble, decompile or reverse engineer such Confluent Software, Customer shall first provide Confluent with written notice thereof.
1.5 Reservation of Rights. Confluent reserves all rights not expressly granted in this section. No rights are granted by implication.
1.6 Delivery of Materials. The Confluent Software, and any versions, updates or maintenance releases of any component thereof, will be delivered only through an electronic transfer.
1.7 Support and Maintenance. Confluent is not obligated to provide maintenance and support services for the Confluent Software licensed under this Agreement. In the event that Confluent, in its sole discretion, elects to make available to Customer any updates or maintenance releases of the Confluent Software, such updates or maintenance releases shall be deemed Confluent Software under this Agreement.
1.8 Preview Releases. Confluent may make available for download a preview release or beta version of Confluent Software, and Customer may elect to use such preview release at its sole discretion. Preview releases are intended for evaluation use in development and testing environments only, and not for production use. Confluent may discontinue providing preview releases of the Confluent Software at any time in Confluent’s sole discretion. Confluent is undertaking no obligation to release a generally available version of a preview release or any specific feature thereof. If Customer provides Confluent any suggestions, enhancement requests, recommendations, or other feedback regarding preview releases (“Feedback”), Confluent may freely use and incorporate into Confluent’s products and services any such Feedback. Feedback shall be considered Confidential Information, regardless of whether marked as such.
2. USER AND PERFORMANCE DATA. Confluent may from time to time use and process data about Customer’s use of the Confluent Software and Third Party Software for the purposes of creating statistics and analytics data. Confluent may use such data for its own business purposes, including to maintain and improve the Confluent Software, Third Party Software and other services and to monitor and analyse its activities in connection with the performance of such services. Customer acknowledges that certain features of the Confluent Software and Third Party Software are configured to collect and report telemetry data to Confluent as more particularly described in More Information Regarding Confluent Data Collection at https://www.confluent.io/moreinformation/. Customer may choose to disable transmission of this data to Confluent at any time. Confluent will use user data in accordance with Confluent’s Privacy Policy located at https://www.confluent.io/privacy/ subject, as applicable, to the Standard Contractual Clauses for Controllers as approved by the European Commission and available at http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32004D0915 (as amended, superseded or updated from time to time), which are incorporated by reference in, and form an integral part of, this Agreement.
3. OWNERSHIP. Customer acknowledges that Confluent or its licensors retain all proprietary rights, title and interest, including all intellectual property rights, in and to the Confluent Software and any changes, corrections, bug fixes, enhancements, updates and other modifications thereto (collectively, “Modifications”), and as between the parties all such rights shall vest in Confluent. Customer acknowledges that the licenses granted in Section 1 do not include the right to prepare any Modifications of the Confluent Software.
4. CONFIDENTIALITY
4.1 Nondisclosure and Limited Use. Each party shall retain in confidence the non-public information and know-how disclosed or made available by the other party pursuant to this Agreement which is either designated in writing as proprietary and/or confidential, if disclosed in writing, or if disclosed orally, is designated in writing (which may be via email) as confidential within thirty (30) days of the oral disclosure or should reasonably be understood to be confidential by the recipient (the “Confidential Information”). The Confluent Software, Modifications, and the terms and conditions of this Agreement shall be Confluent’s Confidential Information. Each party agrees to: (a) maintain the confidentiality of the other party’s Confidential Information; (b) refrain from using the other party’s Confidential Information except for the purpose of performing its obligations under this Agreement; and (c) not disclose such Confidential Information to any third party except to employees and subcontractors as is reasonably required in connection with the exercise of its rights and obligations under this Agreement (and only subject to binding written use and disclosure restrictions at least as protective as those set forth herein). Each party shall immediately notify the other party of any unauthorized disclosure or use of any Confidential Information and assist the other party in remedying such unauthorized use or disclosure by taking such steps as are reasonably requested by such other party. The foregoing obligations will not apply to Confidential Information of the other party which is: (i) already publicly known without breach of this Agreement; (ii) discovered or created by the receiving party without use of, or reference to, the Confidential Information of the disclosing party, as shown in records of the receiving party; (iii) otherwise known to the receiving party through no wrongful conduct of the receiving party, or (iv) required to be disclosed by law or court order; provided that the receiving party shall provide prompt notice thereof and reasonable assistance to the disclosing party to enable the disclosing party to seek a protective order or otherwise prevent or restrict such disclosure. Moreover, either party hereto may disclose any Confidential Information hereunder to such party’s agents, attorneys and other representatives (and only subject to confidentiality obligations at least as protective as those set forth herein) or any court of competent jurisdiction as reasonably required to resolve any dispute between the parties hereto.
4.2 Remedies. Any breach or threatened breach of this Section may cause irreparable injury to the disclosing party and, in addition to any other remedies that may be available, in law, in equity or otherwise, the disclosing party shall be entitled to seek injunctive relief against the threatened breach of this Agreement or the continuation of any such breach by the receiving party, without the necessity of proving actual damages or posting any bond, in addition to any other rights or remedies provided by law.
5. DISCLAIMER OF WARRANTIES AND LIMITATION OF LIABILITY
5.1 Disclaimer of Any Warranties. CONFLUENT MAKES NO WARRANTIES, EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, WITH RESPECT TO THE CONFLUENT SOFTWARE OR ANY OTHER MATERIALS PROVIDED HEREUNDER. CONFLUENT SPECIFICALLY DISCLAIMS ALL OTHER WARRANTIES, EXPRESS AND IMPLIED, INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT AND THOSE ARISING FROM A COURSE OF DEALING OR USAGE OR TRADE, AND ALL SUCH WARRANTIES ARE HEREBY EXCLUDED TO THE FULLEST EXTENT PERMITTED BY LAW. THE CONFLUENT SOFTWARE IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS.
5.2 Limitation of Liability. IN NO EVENT SHALL CONFLUENT’S LIABILITY ARISING UNDER THIS AGREEMENT EXCEED $500. CONFLUENT WILL NOT BE LIABLE TO CUSTOMER FOR ANY CONSEQUENTIAL, INCIDENTAL, SPECIAL, INDIRECT, PUNITIVE OR EXEMPLARY DAMAGES, INCLUDING WITHOUT LIMITATION LOST PROFITS, BUSINESS, CONTRACTS, REVENUE, GOODWILL, PRODUCTION, ANTICIPATED SAVINGS, LOSS OF DATA, OR COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR FOR ANY CLAIM OR DEMAND BY ANY OTHER PARTY, HOWEVER CAUSED AND (TO THE FULLEST EXTENT PERMITTED BY LAW) UNDER ANY THEORY OF LIABILITY (INCLUDING NEGLIGENCE) EVEN IF CONFLUENT HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. CUSTOMER ACKNOWLEDGES THAT THESE LIMITATIONS SHALL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.
6. TERM AND TERMINATION
6.2 Term. Unless earlier terminated as provided in this Section, this Agreement and the license granted hereunder will be effective as of the Effective Date and will immediately terminate if Customer breaches Section 1 of this Agreement, regardless of whether Confluent notifies Customer of such termination.
6.2 Termination. Either party shall have the right to terminate this Agreement and the license granted herein upon written notice in the event the other party fails to perform or observe any material term or condition of this Agreement and such default has not been cured no later than ten (10) days after written notice of such default to the other party. Confluent may also terminate this Agreement immediately if the Customer: (a) terminates or suspends its business; (b) becomes subject to any bankruptcy or insolvency proceeding under Federal or state statute; (c) becomes insolvent or subject to direct control by a trustee, receiver or similar authority; or (d) has wound up or liquidated, voluntarily or otherwise.
6.3 Effect of Termination. The provisions of this Agreement that by their nature extend beyond the termination of this Agreement will survive termination. All of Customer’s rights in the Confluent Software will terminate immediately upon termination of this Agreement. No later than five (5) days after termination of this Agreement, Customer shall return to Confluent or, upon Confluent’s request, destroy or render inaccessible, at Customer’s sole expense, all Confidential Information of Confluent and materials containing any Confidential Information of Confluent, and discontinue use of and uninstall the Confluent Software, including all copies thereof. Nothing contained herein shall limit any other remedies that Confluent may have for the default of Customer under this Agreement nor relieve Customer of any of its obligations incurred prior to such termination.
7. MISCELLANEOUS
7.1 Assignment. Customer shall not assign or otherwise transfer this Agreement or any rights or obligations hereunder, in whole or in part, whether by operation of law or otherwise, to any third party without Confluent’s prior written consent. Any purported transfer, assignment or delegation without such prior written consent will be null and void and of no force or effect. Confluent shall have the right to assign this Agreement to any successor to its business or assets to which this Agreement relates, whether by merger, sale of assets, sale of stock, reorganization or otherwise. Subject to this Section, this Agreement shall be binding upon and inure to the benefit of the parties hereto, and their respective successors and permitted assigns.
7.2 Entire Agreement; Modification; Waiver. This Agreement represents the entire agreement between the parties, and supersedes all prior agreements and understandings, written or oral, with respect to the matters covered by this Agreement, and is not intended to confer upon any third party any rights or remedies hereunder. Customer acknowledges that it has not entered in this Agreement based on any representations other than those contained herein. No modification of or amendment to this Agreement, nor any waiver of any rights under this Agreement, shall be effective unless in writing and signed by both parties. The waiver of one breach or default or any delay in exercising any rights shall not constitute a waiver of any subsequent breach or default.
7.3 Third Party Software. Confluent also makes available certain third party open source software as identified at http://www.confluent.io/third_party_software (“Third Party Software”). The Third Party Software shall be subject to the applicable open source license(s) and not this Agreement, and is provided by Confluent at no charge. To the extent the terms of open source licenses applicable to Third Party Software prohibit any of the restrictions in this Agreement, such restrictions will not apply to such Third Party Software. To the extent the terms of open source licenses applicable to Third Party Software require Confluent to make an offer to provide source code or related information in connection with the Third Party Software, such offer is made.
7.4 Governing Law. This Agreement shall in all respects be governed by the laws of the State of California without reference to its principles of conflicts of laws. The parties hereby agree that all disputes arising out of this Agreement shall be subject to the exclusive jurisdiction of and venue in the federal and state courts within Santa Clara County, California. Customer hereby consents to the personal and exclusive jurisdiction and venue of these courts. The parties hereby disclaim and exclude the application hereto of the United Nations Convention on Contracts for the International Sale of Goods.
7.5 Severability. If any provision of this Agreement is held invalid or unenforceable under applicable law by a court of competent jurisdiction, it shall be replaced with the valid provision that most closely reflects the intent of the parties and the remaining provisions of the Agreement will remain in full force and effect.
7.6 Relationship of the Parties. Nothing in this Agreement is to be construed as creating an agency, partnership, or joint venture relationship between the parties hereto. Neither party shall have any right or authority to assume or create any obligations or to make any representations or warranties on behalf of any other party, whether express or implied, or to bind the other party in any respect whatsoever.
7.7 Notices. All notices permitted or required under this Agreement shall be in writing and shall be deemed to have been given when delivered in person (including by overnight courier), or three (3) business days after being mailed by first class, registered or certified mail, postage prepaid, to the address of the party specified in this Agreement or such other address as either party may specify in writing.
7.8 U.S. Government Restricted Rights. If Confluent Software is being licensed by the U.S. Government, the Confluent Software is deemed to be “commercial computer software” and “commercial computer documentation” developed exclusively at private expense, and (a) if acquired by or on behalf of a civilian agency, shall be subject solely to the terms of this computer software license as specified in 48 C.F.R. 12.212 of the Federal Acquisition Regulations and its successors; and (b) if acquired by or on behalf of units of the Department of Defense (“DOD”) shall be subject to the terms of this commercial computer software license as specified in 48 C.F.R. 227.7202-2, DOD FAR Supplement and its successors.
7.9 Export Law Assurances. Customer understands that the Confluent Software is subject to export control laws and regulations. Customer may not download or otherwise export or re-export the Confluent Software or any underlying information or technology except in full compliance with all applicable laws and regulations, in particular, but without limitation, United States export control laws. None of the Confluent Software or any underlying information or technology may be downloaded or otherwise exported or re- exported: (a) into (or to a national or resident of) any country to which the United States has embargoed goods; or (b) to anyone on the U.S. Treasury Department’s list of specially designated nationals or the U.S. Commerce Department’s list of prohibited countries or debarred or denied persons or entities. Customer hereby agrees to the foregoing and represents and warrants that customer is not located in, under control of, or a national or resident of any such country or on any such list.
7.10 Construction. The titles and section headings used in this Agreement are for ease of reference only and shall not be used in the interpretation or construction of this Agreement. No rule of construction resolving any ambiguity in favor of the non-drafting party shall be applied hereto. The word “including”, when used herein, is illustrative rather than exclusive and means “including, without limitation.”
(v. March 2019)
Link: https://www.confluent.io/confluent-software-evaluation-license/
README.md
+ 9
2
View file @ 1c0a4b1d
# <application name>
# cp-enterprise-replicator-7.1.x
This repository creates the Confluent cp-server Operator. Fundamentally the Dockerfile is the summation of Confluent's cp-base-new, cp-server, and cp-server images.
Architecture: https://www.confluent.io/resources/apache-kafka-confluent-enterprise-reference-architecture/
Operator Deployment: https://docs.confluent.io/operator/current/co-deployment.html
For questions on this container please contact: confluent-fed@confluent.io
Project template for all Iron Bank container repositories.
\ No newline at end of file
build-image.sh 0 → 100755
+ 60
0
View file @ 1c0a4b1d
#!/bin/bash
start=`date +%s`
##
# Docker Dependencies:
# https://docs.confluent.io/current/installation/docker/image-reference.html#image-reference
##
# Settings for the build process
if [[ -f .env ]]; then
echo "Loading in '.env' for values ..."
export $(grep -v '^#' .env | xargs)
echo " "
elif [[ -f ../.env ]]; then
echo "Loading in PARENT '.env' for values ..."
export $(grep -v '^#' ../.env | xargs)
echo " "
fi
# The BASE_ is used by PlatformOne to change the base image, we will make use of RedHat
BASE_REGISTRY=${BASE_REGISTRY:-'registry1.dso.mil'}
MANI='hardening_manifest.yaml'
## parse manifest with yq (https://github.com/mikefarah/yq)
name=$(yq e '.name' $MANI)
tags=( $(yq e '.tags.[]' $MANI) )
baseImage=$(yq e '.args.BASE_IMAGE' $MANI)
baseTag=$(yq e '.args.BASE_TAG' $MANI)
echo "Starting $name build ..."
echo "$name docker build ..."
if [[ "$1" == "--squash" ]]; then
echo "Squashing like a cockroach ..."
DOCKER_BUILDKIT=1 docker build \
--squash \
--tag $BASE_REGISTRY/$name:latest \
--build-arg BASE_REGISTRY=$BASE_REGISTRY \
--build-arg BASE_IMAGE=$baseImage \
--build-arg BASE_TAG=$baseTag \
.
else
DOCKER_BUILDKIT=1 docker build \
--tag $BASE_REGISTRY/$name:latest \
--build-arg BASE_REGISTRY=$BASE_REGISTRY \
--build-arg BASE_IMAGE=$baseImage \
--build-arg BASE_TAG=$baseTag \
.
fi
for tag in "${tags[@]}";do
docker tag $BASE_REGISTRY/$name:latest $BASE_REGISTRY/$name:$tag
echo "🏷 Tagged build with $BASE_REGISTRY/$name:$tag"
done
end=`date +%s`
duration=$((end-start))
echo "🏁 Finished $CONTAINER build (${duration} seconds)"
\ No newline at end of file
hardening_manifest.yaml 0 → 100644
+ 142
0
View file @ 1c0a4b1d
---
apiVersion: v1
# The repository name in registry1, excluding /ironbank/
name: "confluentinc/cp-enterprise-replicator"
# List of tags to push for the repository in registry1
# The most specific version should be the first tag and will be shown
# on ironbank.dso.mil
tags:
- "7.2.0-1-ubi8"
- "7.2.0"
- "7.2.x"
- "7.2"
# Build args passed to Dockerfile ARGs
args:
BASE_IMAGE: "redhat/openjdk/openjdk11"
BASE_TAG: "1.11"
# Docker image labels
labels:
org.opencontainers.image.title: "cp-enterprise-replicator"
org.opencontainers.image.description: "Official Confluent Docker Image for Replicator"
org.opencontainers.image.licenses: "CONFLUENT ENTERPRISE LICENSE"
org.opencontainers.image.url: "https://docs.confluent.io/platform/current/overview.html"
org.opencontainers.image.vendor: "Confluent"
org.opencontainers.image.version: "7.2.0"
mil.dso.ironbank.image.keywords: "confluent,cflt,kafka,replicator,operator,cfk"
mil.dso.ironbank.image.type: "commercial"
mil.dso.ironbank.product.name: "Confluent Platform"
resources:
- filename: confluent_docker_utils-0.0.52-py3-none-any.whl
url: https://ironbank-files.s3.amazonaws.com/confluent_docker_utils-0.0.52-py3-none-any.whl
validation:
type: sha256
value: 01d6a63a65311afde4dbf3da2c7d402cb1ab995cb6590dc5d43b346f6e1cdda2
- filename: archive.key
url: https://packages.confluent.io/rpm/7.2/archive.key
validation:
type: sha256
value: 6753aba4eab80062784a903af0314877d36fa4f998333adffecb0fcba81113cd
- filename: confluent-common-7.2.0-1.noarch.rpm
url: https://packages.confluent.io/rpm/7.2/confluent-common-7.2.0-1.noarch.rpm
validation:
type: sha256
value: b8dd106288d41fdfe5a88704b95603ba455d11920f3705047e392fa45bca19eb
- filename: confluent-rebalancer-7.2.0-1.noarch.rpm
url: https://packages.confluent.io/rpm/7.2/confluent-rebalancer-7.2.0-1.noarch.rpm
validation:
type: sha256
value: ec490dd099f8aa6af2fe2b90c3d6b01330016b6add0f309563759d116c71ed71
- filename: confluent-rest-utils-7.2.0-1.noarch.rpm
url: https://packages.confluent.io/rpm/7.2/confluent-rest-utils-7.2.0-1.noarch.rpm
validation:
type: sha256
value: b361485a14a11535325930cdd6309acd2046ff905e8cdb3de4e4f67e8a3530c2
- filename: confluent-security-7.2.0-1.noarch.rpm
url: https://packages.confluent.io/rpm/7.2/confluent-security-7.2.0-1.noarch.rpm
validation:
type: sha256
value: c40eff1122a2dfa2513f84975dce2ed07af9b53649014276ea8b098659ca49b2
- filename: confluent-metadata-service-7.2.0-1.noarch.rpm
url: https://packages.confluent.io/rpm/7.2/confluent-metadata-service-7.2.0-1.noarch.rpm
validation:
type: sha256
value: 680b737805948a5fd7894061f5c9cf257d4176a0065f30a489cd9e80ac9cf624
- filename: confluent-server-7.2.0-1.noarch.rpm
url: https://packages.confluent.io/rpm/7.2/confluent-server-7.2.0-1.noarch.rpm
validation:
type: sha256
value: 2394e2f1d30868df5ec836482f0015b4bfdf044d76f24e249cf5955ffd593814
- filename: confluent-ce-kafka-http-server-7.2.0-1.noarch.rpm
url: https://packages.confluent.io/rpm/7.2/confluent-ce-kafka-http-server-7.2.0-1.noarch.rpm
validation:
type: sha256
value: 8a9f5c47407d6fa22a992d31576a26bd2bed8c81f254f1e3070557003ac3f4d0
- filename: confluent-server-rest-7.2.0-1.noarch.rpm
url: https://packages.confluent.io/rpm/7.2/confluent-server-rest-7.2.0-1.noarch.rpm
validation:
type: sha256
value: 14e0c3e524138cc94e629f2e6497aa8e1c9edf81fedec90d138e071e169804eb
- filename: confluent-telemetry-7.2.0-1.noarch.rpm
url: https://packages.confluent.io/rpm/7.2/confluent-telemetry-7.2.0-1.noarch.rpm
validation:
type: sha256
value: 1f96e592b6148660a5a326d0f772ea6fb921ecea9334746f0b3b6806d3942891
- filename: confluent-kafka-rest-7.2.0-1.noarch.rpm
url: https://packages.confluent.io/rpm/7.2/confluent-kafka-rest-7.2.0-1.noarch.rpm
validation:
type: sha256
value: 05f8f40e6ceb34e39a2507e4f134ddb863b627b80ec0262965747211bd58db3d
- filename: confluent-hub-client-7.2.0-1.noarch.rpm
url: https://packages.confluent.io/rpm/7.2/confluent-hub-client-7.2.0-1.noarch.rpm
validation:
type: sha256
value: c8f59e1e069438f791a9213e17bd33984acdf4f6b08faabb16c71d1bd2b148d0
- filename: confluent-control-center-7.2.0-1.noarch.rpm
url: https://packages.confluent.io/rpm/7.2/confluent-control-center-7.2.0-1.noarch.rpm
validation:
type: sha256
value: a3595466e253e3a957b9b3528af1fe5a33a267bcc6a1a63f04a3cb550e8a823c
- filename: confluent-control-center-fe-7.2.0-1.noarch.rpm
url: https://packages.confluent.io/rpm/7.2/confluent-control-center-fe-7.2.0-1.noarch.rpm
validation:
type: sha256
value: 055043de96af6d3bc5dda1f39ce99eee748cc5599be0d60c98ef10a2331edf50
- filename: confluent-schema-registry-7.2.0-1.noarch.rpm
url: https://packages.confluent.io/rpm/7.2/confluent-schema-registry-7.2.0-1.noarch.rpm
validation:
type: sha256
value: 1a5a821fbb78ace521422e454d85d17bc23b17cf2744ad2e22fba96bb0fb3573
- filename: confluent-kafka-connect-replicator-7.2.0-1.noarch.rpm
url: https://packages.confluent.io/rpm/7.2/confluent-kafka-connect-replicator-7.2.0-1.noarch.rpm
validation:
type: sha256
value: e66fe148d25b9d648f95749fd171d85b267d3f4dfec359b4429e0e1cff672cb4
- filename: cp-base-new_7.2.0_UsrLocalLib.tar.gz
url: https://ironbank-files.s3.amazonaws.com/cp-base-new_7.2.0_UsrLocalLib.tar.gz
validation:
type: sha256
value: c4c48db4994aa8de130db0f04b5940695b1af0fe213e3d67acb5becb882a6fed
- filename: cp-base-new_7.2.0_UsrLocalLib64.tar.gz
url: https://ironbank-files.s3.amazonaws.com/cp-base-new_7.2.0_UsrLocalLib64.tar.gz
validation:
type: sha256
value: 3461707013e659120e1942b84e5d23869206ecf33ea4127661167d9250849c7d
- filename: cp-base-new_7.2.0_UsrShareJavaCp-base-new.tar.gz
url: https://ironbank-files.s3.amazonaws.com/cp-base-new_7.2.0_UsrShareJavaCp-base-new.tar.gz
validation:
type: sha256
value: e2972e95524088f51456247120593ca9867e729fcf5fa68c4fc3e65b0f2b70e3
# List of project maintainers
maintainers:
- name: "Scott Stroud"
username: "scottstroud"
email: "confluent-fed@confluent.io"
cht_member: false
- name: "Preston McGowan"
username: "preston.mcgowan"
email: "confluent-fed@confluent.io"
cht_member: false
- name: "Gary Hott"
username: "garyhott86"
email: "confluent-fed@confluent.io"
cht_member: false
scripts/build-image.sh 0 → 100755
+ 64
0
View file @ 1c0a4b1d
#!/bin/bash
start=`date +%s`
##
# Docker Dependencies:
# https://docs.confluent.io/current/installation/docker/image-reference.html#image-reference
##
# Settings for the build process
if [[ -f .env ]]; then
echo "Loading in '.env' for values ..."
export $(grep -v '^#' .env | xargs)
echo " "
elif [[ -f ../.env ]]; then
echo "Loading in PARENT '.env' for values ..."
export $(grep -v '^#' ../.env | xargs)
echo " "
fi
# The BASE_ is used by PlatformOne to change the base image, we will make use of RedHat
BASE_REGISTRY=${BASE_REGISTRY:-'registry1.dso.mil'}
MANI='hardening_manifest.yaml'
cd ../
## parse manifest with yq (https://github.com/mikefarah/yq)
name=$(yq e '.name' $MANI)
tags=( $(yq e '.tags.[]' $MANI) )
baseImage=$(yq e '.args.BASE_IMAGE' $MANI)
baseTag=$(yq e '.args.BASE_TAG' $MANI)
echo "Starting $name build ..."
echo "$name docker build ..."
if [[ "$1" == "--squash" ]]; then
echo "Squashing like a cockroach ..."
DOCKER_BUILDKIT=1 docker build \
--squash \
--tag $BASE_REGISTRY/$name:latest \
--build-arg BASE_REGISTRY=$BASE_REGISTRY \
--build-arg BASE_IMAGE=$baseImage \
--build-arg BASE_TAG=$baseTag \
.
else
DOCKER_BUILDKIT=1 docker build \
--tag $BASE_REGISTRY/$name:latest \
--build-arg BASE_REGISTRY=$BASE_REGISTRY \
--build-arg BASE_IMAGE=$baseImage \
--build-arg BASE_TAG=$baseTag \
.
fi
for tag in "${tags[@]}";do
docker tag $BASE_REGISTRY/$name:latest $BASE_REGISTRY/$name:$tag
echo "🏷 Tagged build with $BASE_REGISTRY/$name:$tag"
done
cd scripts
end=`date +%s`
duration=$((end-start))
echo "🏁 Finished $CONTAINER build (${duration} seconds)"
\ No newline at end of file
scripts/genManifestTemplate.sh 0 → 100755
+ 80
0
View file @ 1c0a4b1d
if [[ -f .env ]]; then
echo "Loading in '.env' for values ..."
export $(grep -v '^#' .env | xargs)
echo " "
fi
VERSION=${VERSION:-'7.1.0.0'}
SCRIPTS_HOME="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
PROJECT_HOME=${PROJECT_HOME:-'../'}
PROJECT_HOME=$(realpath $PROJECT_HOME)
myShaRona () {
myfile=$(basename $1)
mydir=$(dirname $1)
mkdir -p $mydir
if [ ! -e "$mydir/filelist.txt" ] ; then
touch "$mydir/filelist.txt"
fi
if [[ "$OSTYPE" == "darwin"* ]] ; then
mySha=$(shasum -a 256 $1 | cut -d " " -f 1)
else
mySha=$(sha256sum $1 | cut -d " " -f 1)
fi
echo -e "$myfile | $mySha" >> $mydir/filelist.txt
}
filelist () {
rm -f $1/filelist.txt
for filename in $1/*; do
myShaRona $filename
done
}
if [ $# -eq 0 ]; then
echo "filelist.txt or dir path argument required "
exit 1
fi
# if there is not a filelist.txt, generate one
if [ -f "$1" ]; then
filefile=$(realpath $1)
elif [ -f "$1/filelist.txt" ]; then
filefile=$(realpath $1)/filelist.txt
elif [ -d "$1" ]; then
filefile=$(realpath $1)/filelist.txt
fi
filelist $1
basedir=$(dirname $filefile)
cd $basedir
if [[ $filefile == *"ironbank-files"* ]]; then
urlPrefix="https://ironbank-files.s3.amazonaws.com"
elif [[ $filefile == *"confluent"* ]]; then
urlPrefix="https://packages.confluent.io/rpm/${VERSION:0:3}"
elif [[ $filefile == *"pythonhosted"* ]]; then
echo "unsupported cause of the weird guid in the path"
exit 0
fi
echo "resources:" > $basedir/hardened_manifest_template.yaml
while IFS= read -r line
do
IFS=" | " read -a parts <<< $line
cat >> $basedir/hardened_manifest_template.yaml << EOL
- filename: ${parts[0]}
url: ${urlPrefix}/${parts[0]}
validation:
type: sha256
value: ${parts[1]}
EOL
done < "$filefile"
\ No newline at end of file
scripts/importArtifacts.sh 0 → 100755
+ 77
0
View file @ 1c0a4b1d
#!/bin/bash
start=`date +%s`
if [[ -f .env ]]; then
echo "Loading in '.env' for values ..."
export $(grep -v '^#' .env | xargs)
echo " "
fi
SCRIPTS_HOME="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
PROJECT_HOME=${PROJECT_HOME:-'../'}
PROJECT_HOME=$(realpath $PROJECT_HOME)
RESOURCE_HOME=${RESOURCE_HOME:-'../../resources'}
RESOURCE_HOME=$(realpath $RESOURCE_HOME)
importArtifacts() {
manifestPath=$1
httpdomain=$2
resourceDir=$3
echo -e "\nImporting ${httpdomain} artifacts ..."
maniDir=$(dirname "$manifestPath")
# (re)set the filelist.txt
mkdir -p $resourceDir
prefix="url: "
pushd $resourceDir
grep $httpdomain $manifestPath | while read -r line ; do
url=${line##*$prefix}
filename=$(basename "$url")
local=$(find $RESOURCE_HOME -name $filename)
echo "local $local"
if [[ -f "$filename" ]]; then
echo "AA"
echo "Using existing $filename. Run ./clean.sh if thats not desired."
elif [[ ! -z "$local" ]]; then
echo "BB"
echo "Using existing $local. Run ./clean.sh if thats not desired."
cp $local $maniDir/
else
echo "downloading ${url} ..."
wget $url
fi
if [[ ! -f "$maniDir/$filename" ]]; then
echo "copying ${filename} into ${maniDir} ..."
cp $filename $maniDir/
fi
done
popd
}
mani=$(realpath "../hardening_manifest.yaml")
importArtifacts $mani 'ironbank-files.s3.amazonaws.com' "$RESOURCE_HOME/ironbank-files"
importArtifacts $mani 'packages.confluent.io' "$RESOURCE_HOME/confluent"
importArtifacts $mani 's3.us-west-2.amazonaws.com/staging-confluent-packages' "$RESOURCE_HOME/confluent"
importArtifacts $mani 'files.pythonhosted.org' "$RESOURCE_HOME/pythonhosted"
importArtifacts $mani 'repo1.maven.org' "$RESOURCE_HOME/maven"
# echo "Generating hardening_manifest_template.yaml ..."
# $SCRIPTS_HOME/genManifestTemplate.sh "$RESOURCE_HOME/ironbank-files"
# $SCRIPTS_HOME/genManifestTemplate.sh "$RESOURCE_HOME/confluent"
# $SCRIPTS_HOME/genManifestTemplate.sh "$RESOURCE_HOME/pythonhosted"
end=`date +%s`
duration=$((end-start))
echo "#########################"
echo "All done (${duration} seconds)"
echo "#########################"
scripts/include/etc/confluent/docker/apply-mesos-overrides 0 → 100755
+ 32
0
View file @ 1c0a4b1d
#!/usr/bin/env bash
#
# Copyright 2019 Confluent Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Mesos DC/OS docker deployments will have HOST and PORT0
# set for the proxying of the service.
#
# Use those values provide things we know we'll need.
[ -n "${HOST:-}" ] && [ -z "${CONNECT_REST_ADVERTISED_HOST_NAME:-}" ] && \
export CONNECT_REST_ADVERTISED_HOST_NAME=$HOST || true
[ -n "${PORT0:-}" ] && [ -z "${CONNECT_REST_ADVERTISED_PORT:-}" ] && \
export CONNECT_REST_ADVERTISED_PORT=$PORT0 || true
# And default to 8083, which MUST match the containerPort specification
# in the Mesos package for this service.
[ -z "${CONNECT_REST_PORT:-}" ] && \
export CONNECT_REST_PORT=8083 || true
scripts/include/etc/confluent/docker/configure 0 → 100755
+ 57
0
View file @ 1c0a4b1d
#!/usr/bin/env bash
#
# Copyright 2019 Confluent Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
. /etc/confluent/docker/bash-config
dub ensure CONNECT_BOOTSTRAP_SERVERS
dub ensure CONNECT_GROUP_ID
dub ensure CONNECT_CONFIG_STORAGE_TOPIC
dub ensure CONNECT_OFFSET_STORAGE_TOPIC
dub ensure CONNECT_STATUS_STORAGE_TOPIC
dub ensure CONNECT_KEY_CONVERTER
dub ensure CONNECT_VALUE_CONVERTER
# This is required to avoid config bugs. You should set this to a value that is
# resolvable by all containers.
dub ensure CONNECT_REST_ADVERTISED_HOST_NAME
# Default to 8083, which matches the mesos-overrides. This is here in case we extend the containers to remove the mesos overrides.
if [ -z "$CONNECT_REST_PORT" ]; then
export CONNECT_REST_PORT=8083
fi
# Fix for https://issues.apache.org/jira/browse/KAFKA-3988
if [[ ${CONNECT_INTERNAL_KEY_CONVERTER-} == "org.apache.kafka.connect.json.JsonConverter" ]] || [[ ${CONNECT_INTERNAL_VALUE_CONVERTER-} == "org.apache.kafka.connect.json.JsonConverter" ]]
then
export CONNECT_INTERNAL_KEY_CONVERTER_SCHEMAS_ENABLE=false
export CONNECT_INTERNAL_VALUE_CONVERTER_SCHEMAS_ENABLE=false
fi
if [[ $CONNECT_KEY_CONVERTER == "io.confluent.connect.avro.AvroConverter" ]]
then
dub ensure CONNECT_KEY_CONVERTER_SCHEMA_REGISTRY_URL
fi
if [[ $CONNECT_VALUE_CONVERTER == "io.confluent.connect.avro.AvroConverter" ]]
then
dub ensure CONNECT_VALUE_CONVERTER_SCHEMA_REGISTRY_URL
fi
dub path /etc/"${COMPONENT}"/ writable
dub template "/etc/confluent/docker/${COMPONENT}.properties.template" "/etc/${COMPONENT}/${COMPONENT}.properties"
# The connect-distributed script expects the log4j config at /etc/kafka/connect-log4j.properties.
dub template "/etc/confluent/docker/log4j.properties.template" "/etc/kafka/connect-log4j.properties"
scripts/include/etc/confluent/docker/ensure 0 → 100755
+ 35
0
View file @ 1c0a4b1d
#!/usr/bin/env bash
#
# Copyright 2019 Confluent Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
. /etc/confluent/docker/bash-config
echo "===> Check if Kafka is healthy ..."
if [[ -n "${CONNECT_SECURITY_PROTOCOL-}" ]] && [[ $CONNECT_SECURITY_PROTOCOL != "PLAINTEXT" ]]
then
cub kafka-ready \
"${CONNECT_CUB_KAFKA_MIN_BROKERS:-1}" \
"${CONNECT_CUB_KAFKA_TIMEOUT:-40}" \
-b "$CONNECT_BOOTSTRAP_SERVERS" \
--config /etc/"${COMPONENT}"/kafka-connect.properties
else
cub kafka-ready \
"${CONNECT_CUB_KAFKA_MIN_BROKERS:-1}" \
"${CONNECT_CUB_KAFKA_TIMEOUT:-40}" \
-b "$CONNECT_BOOTSTRAP_SERVERS"
fi
scripts/include/etc/confluent/docker/kafka-connect.properties.template 0 → 100644
+ 4
0
View file @ 1c0a4b1d
{% set connect_props = env_to_props('CONNECT_', '') -%}
{% for name, value in connect_props.items() -%}
{{name}}={{value}}
{% endfor -%}
scripts/include/etc/confluent/docker/launch 0 → 100755
+ 46
0
View file @ 1c0a4b1d
#!/usr/bin/env bash
#
# Copyright 2019 Confluent Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Override this section from the script to include the com.sun.management.jmxremote.rmi.port property.
if [ -z "$KAFKA_JMX_OPTS" ]; then
export KAFKA_JMX_OPTS="-Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false "
fi
# The JMX client needs to be able to connect to java.rmi.server.hostname.
# The default for bridged n/w is the bridged IP so you will only be able to connect from another docker container.
# For host n/w, this is the IP that the hostname on the host resolves to.
# If you have more that one n/w configured, hostname -i gives you all the IPs,
# the default is to pick the first IP (or network).
export KAFKA_JMX_HOSTNAME=${KAFKA_JMX_HOSTNAME:-$(hostname -i | cut -d" " -f1)}
if [ "$KAFKA_JMX_PORT" ]; then
# This ensures that the "if" section for JMX_PORT in kafka launch script does not trigger.
export JMX_PORT=$KAFKA_JMX_PORT
export KAFKA_JMX_OPTS="$KAFKA_JMX_OPTS -Djava.rmi.server.hostname=$KAFKA_JMX_HOSTNAME -Dcom.sun.management.jmxremote.local.only=false -Dcom.sun.management.jmxremote.rmi.port=$JMX_PORT -Dcom.sun.management.jmxremote.port=$JMX_PORT"
fi
echo "===> Launching ${COMPONENT} ... "
# Add external jars, replicator monitoring and monitoring interceptors to the classpath
# And this also makes sure that the CLASSPATH does not start with ":/etc/..."
# because this causes the plugin scanner to scan the entire disk.
if [ -z "$CLASSPATH" ]; then
REST_EXTENSION_JAR=$(find /usr/share/java/kafka-connect-replicator/replicator-rest-extension-*jar)
MONITORING_INTERCEPTOR_JAR=$(find /usr/share/java/monitoring-interceptors/monitoring-interceptors-*)
export CLASSPATH="/etc/kafka-connect/jars/*:$REST_EXTENSION_JAR:$MONITORING_INTERCEPTOR_JAR"
fi
exec connect-distributed /etc/"${COMPONENT}"/"${COMPONENT}".properties
scripts/include/etc/confluent/docker/log4j.properties.template 0 → 100644
+ 24
0
View file @ 1c0a4b1d
log4j.rootLogger={{ env["CONNECT_LOG4J_ROOT_LOGLEVEL"] | default('INFO') }}, stdout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern ={{ env["CONNECT_LOG4J_APPENDER_STDOUT_LAYOUT_CONVERSIONPATTERN"] | default('[%d] %p %m (%c)%n') }}
{% set default_loggers = {
'org.reflections': 'ERROR',
'org.apache.zookeeper': 'ERROR',
'org.I0Itec.zkclient': 'ERROR'
} -%}
{% if env['CONNECT_LOG4J_LOGGERS'] %}
# loggers from CONNECT_LOG4J_LOGGERS env variable
{% set loggers = parse_log4j_loggers(env['CONNECT_LOG4J_LOGGERS']) %}
{% else %}
# default log levels
{% set loggers = default_loggers %}
{% endif %}
{% for logger,loglevel in loggers.items() %}
log4j.logger.{{logger}}={{loglevel}}
{% endfor %}
scripts/include/etc/confluent/docker/run 0 → 100755
+ 32
0
View file @ 1c0a4b1d
#!/usr/bin/env bash
#
# Copyright 2019 Confluent Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
. /etc/confluent/docker/bash-config
. /etc/confluent/docker/mesos-setup.sh
. /etc/confluent/docker/apply-mesos-overrides
echo "===> User"
id
echo "===> Configuring ..."
/etc/confluent/docker/configure
echo "===> Running preflight checks ... "
/etc/confluent/docker/ensure
echo "===> Launching ... "
exec /etc/confluent/docker/launch
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

UNCLASSIFIED - NO CUI