From 4e2c7cd09e5e92d952364ade40cf4461e064fd39 Mon Sep 17 00:00:00 2001
From: Nassim Kammah
Date: Thu, 20 Feb 2020 15:04:53 +0100
Subject: [PATCH] Incoporate the ES fixes to the Kibana build

See [ES MR](https://dccscr.dsop.io/dsop/elastic/elasticsearch/elasticsearch/merge_requesMR]. Major changes added to: We need the ability to build the UBI image within Elastic's environment. To that extent, we need the ability to : override the `NEXUS_SCHEME` to use `http`, but have it default to https override the `NEXUS_SERVER` to use our own server, but have it default to dcar's server The script was made generic enough to download any artifact at any url. In Kibana's case, we need both the kibana tarball and a dumb-init script. Re-enable the GPG check and remove code not used in DCAR's context
---
 7.6.0/Dockerfile | 25 +++++++++++------
 7.6.0/build-scripts/prepare.sh | 12 ++++++++
 7.6.0/scripts/prebuild.sh | 50 ++++++++++++----------------------
 3 files changed, 46 insertions(+), 41 deletions(-)
 create mode 100755 7.6.0/build-scripts/prepare.sh

diff --git a/7.6.0/Dockerfile b/7.6.0/Dockerfile
index 211b739..eb0ebb4 100644
--- a/7.6.0/Dockerfile
+++ b/7.6.0/Dockerfile
@@ -9,14 +9,22 @@ ARG BASE_TAG=8.1
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} AS prep_files
 ARG NEXUS_SCHEME=https
-ARG NEXUS_SERVER=${NEXUS_SERVER}
+ARG NEXUS_USERNAME
+ARG NEXUS_PASSWORD
+ARG NEXUS_SERVER=nexus-secure.levelup-dev.io
+ARG PACKAGE_NAME=kibana-7.6.0-linux-x86_64.tar.gz
+ARG NEXUS_BASE=${NEXUS_SCHEME}://${NEXUS_SERVER}/repository/dsop/elastic/
+
+ADD build-scripts/ /build-scripts/
+
+RUN /build-scripts/prepare.sh $NEXUS_BASE/$PACKAGE_NAME $PACKAGE_NAME
+RUN /build-scripts/prepare.sh $NEXUS_BASE/dumb-init dumb-init
 RUN yum -y --nogpgcheck --disableplugin=subscription-manager update && yum install -y --nogpgcheck --disableplugin=subscription-manager tar gzip && yum clean all
-RUN cd /opt && curl --retry 8 -s -L -O -k -f ${NEXUS_SCHEME}://${NEXUS_SERVER}/repository/dsop/elastic/kibana/7.6.0/kibana-7.6.0-linux-x86_64.tar.gz && cd -
 RUN mkdir /usr/share/kibana
 WORKDIR /usr/share/kibana
-RUN tar --strip-components=1 -zxf /opt/kibana-7.6.0-linux-x86_64.tar.gz
+RUN tar zxf /opt/${PACKAGE_NAME} --strip-components=1
 # Ensure that group permissions are the same as user permissions.
 # This will help when relying on GID-0 to run Kibana, rather than UID-1000.
 # OpenShift does this, for example.
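Review bot: The `ARG NEXUS_USERNAME` / `ARG NEXUS_PASSWORD` pair added to the `prep_files` stage hands the Nexus credentials to the build as build arguments, and the values of build arguments in scope for a `RUN` step are recorded in that stage's layer metadata (`docker history`) and in the build cache, so they outlive the build on any host that keeps the cache or an intermediate image. Where the builder supports BuildKit, a secret mount keeps them out of the metadata, e.g. `RUN --mount=type=secret,id=nexus_password /build-scripts/prepare.sh "${NEXUS_BASE}${PACKAGE_NAME}" "${PACKAGE_NAME}"`, with `prepare.sh` reading `/run/secrets/nexus_password`; failing that, the account behind these arguments should be a read-only, build-only one. `NEXUS_BASE` already ends in `/`, so `$NEXUS_BASE/$PACKAGE_NAME` produces a double slash in the URL, and the unquoted arguments would be word-split if an overridden value ever contained whitespace.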
@@ -31,15 +39,14 @@ RUN find /usr/share/kibana -type d -exec chmod g+s {} \;
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
 EXPOSE 5601
-# Add an init process
-ARG NEXUS_SCHEME=https
-ARG NEXUS_SERVER=${NEXUS_SERVER}
-RUN curl -s --create-dirs -k -fL ${NEXUS_SCHEME}://${NEXUS_SERVER}/repository/dsop/elastic/kibana/7.6.0/dumb-init -o /usr/local/bin/dumb-init
-RUN chmod +x /usr/local/bin/dumb-init
-
 # Add Reporting dependencies.
 RUN yum -y --nogpgcheck --disableplugin=subscription-manager update && yum install -y --nogpgcheck --disableplugin=subscription-manager fontconfig freetype shadow-utils && yum clean all
+# Add a dumb init process
+COPY --from=prep_files /opt/dumb-init /usr/local/bin/dumb-init
+RUN chmod +x /usr/local/bin/dumb-init
+
+
 # Bring in Kibana from the initial stage.
 COPY --from=prep_files --chown=1000:0 /usr/share/kibana /usr/share/kibana
 WORKDIR /usr/share/kibana
diff --git a/7.6.0/build-scripts/prepare.sh b/7.6.0/build-scripts/prepare.sh
new file mode 100755
index 0000000..aeea338
--- /dev/null
+++ b/7.6.0/build-scripts/prepare.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+set -euo pipefail
+
+PACKAGE_URL=$1
+PACKAGE_NAME=$2
+WORKSPACE=${WORKSPACE:-/prepare}
+
+# Download dependencies
+curl -fLku ${NEXUS_USERNAME}:${NEXUS_PASSWORD} --create-dirs ${PACKAGE_URL} -o ${WORKSPACE}/${PACKAGE_NAME}
+
+cp ${WORKSPACE}/${PACKAGE_NAME} /opt/${PACKAGE_NAME}
+
diff --git a/7.6.0/scripts/prebuild.sh b/7.6.0/scripts/prebuild.sh
index 9d3bfa1..222ae04 100755
--- a/7.6.0/scripts/prebuild.sh
+++ b/7.6.0/scripts/prebuild.sh
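Review bot: The `curl -fLku` line in `prepare.sh` sends the Nexus credentials with certificate verification switched off (`-k`), and because `NEXUS_SCHEME` can be overridden to `http` the same basic-auth header can also travel in cleartext. Nothing later in the build checks the downloaded file before it is copied to `/opt`, unpacked, and (for `dumb-init`, in the second Dockerfile hunk) installed as `/usr/local/bin/dumb-init`. I would drop `-k` (passing `--cacert` if the Nexus certificate comes from a private CA), quote every expansion, and have the script take the expected SHA-256 as a third argument and stop on a mismatch; the `dumb-init` digest is already pinned in `prebuild.sh`. The two `RUN /build-scripts/prepare.sh` lines in the Dockerfile would then have to pass the digest as well.

```shell
PACKAGE_URL=$1
PACKAGE_NAME=$2
# Expected SHA-256 of the artifact, pinned by the caller.
PACKAGE_SHA256=$3
# … unchanged: WORKSPACE default …

# Download dependencies (certificate verification stays on: no -k)
curl -fL --create-dirs \
  -u "${NEXUS_USERNAME}:${NEXUS_PASSWORD}" \
  -o "${WORKSPACE}/${PACKAGE_NAME}" "${PACKAGE_URL}"

# Refuse to stage a file whose digest does not match the pinned value.
printf '%s  %s\n' "${PACKAGE_SHA256}" "${WORKSPACE}/${PACKAGE_NAME}" | sha256sum -c -

cp "${WORKSPACE}/${PACKAGE_NAME}" "/opt/${PACKAGE_NAME}"
```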
@@ -7,14 +7,11 @@ ELASTIC_VERSION=7.6.0
 ELASTIC_GPG_KEY_FINGERPRINT=46095ACC8548582C1A2699A9D27D666CD88E42B4
 PACKAGE_NAME=${ELASTIC_PRODUCT}-${ELASTIC_VERSION}-linux-x86_64.tar.gz
+VENDOR=elastic
+CONTAINER=kibana
 # These three variables are required to push whatever outside binaries your container needs at build time to our Nexus repo
 NEXUS_SCHEME=${NEXUS_SCHEME:-https}
-NEXUS_SERVER="${NEXUS_SERVER}/repository/dsop"
-NEXUS_USERNAME="${NEXUS_USERNAME}"
-NEXUS_PASSWORD="${NEXUS_PASSWORD}"
-
-NEXUS_SERVER_URL="${NEXUS_SCHEME}://${NEXUS_SERVER}/elastic/${ELASTIC_PRODUCT}/${ELASTIC_VERSION}"
-
+NEXUS_REPO=${NEXUS_SCHEME}://${NEXUS_SERVER}/repository/dsop/${VENDOR}/
 #################################################################################
 ### Set & create paths ###
@@ -30,7 +27,7 @@ curl -sL https://github.com/Yelp/dumb-init/releases/download/v1.2.2/dumb-init_1.
 echo "37f2c1f0372a45554f1b89924fbb134fc24c3756efaedf11e07f599494e0eff9 dumb-init" | sha256sum -c -
 echo "Downloading ${ELASTIC_PRODUCT}/${PACKAGE_NAME}"
-curl -sO https://artifacts.elastic.co/downloads/${ELASTIC_PRODUCT}/${PACKAGE_NAME}
+curl -O https://artifacts.elastic.co/downloads/${ELASTIC_PRODUCT}/${PACKAGE_NAME}
 curl -sO https://artifacts.elastic.co/downloads/${ELASTIC_PRODUCT}/${PACKAGE_NAME}.asc
 curl -sO https://artifacts.elastic.co/downloads/${ELASTIC_PRODUCT}/${PACKAGE_NAME}.sha512
 sha512sum --check "${PACKAGE_NAME}.sha512"
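Review bot: `NEXUS_REPO` is assembled from `${NEXUS_SERVER}` with no default and no check, and this hunk also removes the lines that at least named `NEXUS_USERNAME` and `NEXUS_PASSWORD`, so a missing variable now shows up only as a failed upload to a malformed URL (unless the script sets `-u` outside this hunk). A guard right after `NEXUS_SCHEME` makes the requirement explicit: `: "${NEXUS_SERVER:?must be set}" "${NEXUS_USERNAME:?must be set}" "${NEXUS_PASSWORD:?must be set}"`. The new path also drops the `${ELASTIC_PRODUCT}/${ELASTIC_VERSION}` components, so the tarball and an unversioned `dumb-init` land in one flat `dsop/elastic/` directory that, going by the commit message, the Elasticsearch build appears to share; a file with that name can then be replaced by another product's prebuild, which argues for a versioned name or a digest check at build time. `NEXUS_REPO` ends in `/` while the upload loop appends `/${package}`, `CONTAINER` is not used in any hunk shown, and the comment `# These three variables are required…` no longer matches what follows it.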
@@ -39,34 +36,23 @@ echo "Downloads Successful"
 ### GPG Signature Check ###
-#curl -sO https://artifacts.elastic.co/GPG-KEY-elasticsearch
-#
-## verify the key has the expected fingerprint
-#gpg -n --keyid-format long --list-options show-keyring GPG-KEY-elasticsearch | grep "$ELASTIC_GPG_KEY_FINGERPRINT"
-#
-#gpg --import GPG-KEY-elasticsearch
-#
-#gpg --verify "${PACKAGE_NAME}.asc" "$PACKAGE_NAME"
+curl -sO https://artifacts.elastic.co/GPG-KEY-elasticsearch
+
+gpg --import GPG-KEY-elasticsearch
-#if [ $? -eq 0 ]
-#then
-# echo "The key has the expected fingerprint."
-#else
-# echo "There is a Problem with signature."
-#fi
+gpg --verify "${PACKAGE_NAME}.asc" "$PACKAGE_NAME"
+
+if [ $? -eq 0 ]
+then
+ echo "The key has the expected fingerprint."
+else
+ echo "There is a Problem with signature."
+fi
 ### Nexus Repo Upload ###
-for package in ${PACKAGE_NAME} ${PACKAGE_NAME}.asc ${PACKAGE_NAME}.sha512 dumb-init
+for package in ${PACKAGE_NAME} dumb-init
 do
- curl -k -fu ${NEXUS_USERNAME}:${NEXUS_PASSWORD} -T ${package} ${NEXUS_SERVER_URL}/${package}
- echo "${package} uploaded"
+ curl -k -fu ${NEXUS_USERNAME}:${NEXUS_PASSWORD} -T ${package} ${NEXUS_REPO}/${package}
+ echo "${package} uploaded"
 done
-### Cleanup ###
-cd ${START_DIR}
-
-if [[ $NOCLEAN ]]; then
- echo "Staging folder not deleted : ${STAGING_DIR}"
-else
- rm -rf ${STAGING_DIR}
-fi
-- 
GitLab
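Review bot: The re-enabled GPG block leaves out the fingerprint comparison that the commented-out version had (`gpg -n … | grep "$ELASTIC_GPG_KEY_FINGERPRINT"`), so `gpg --verify` accepts a good signature from whatever key was just downloaded and imported, and `ELASTIC_GPG_KEY_FINGERPRINT` is not consulted anywhere in this hunk even though the success message says the key has the expected fingerprint. The `else` branch only prints `There is a Problem with signature.` and falls through to the Nexus upload; if the script runs under `set -e` (not visible here) that branch is unreachable instead, and either way the failure path should `exit 1` explicitly. The upload loop also stops publishing `.asc` and `.sha512`, which leaves the image build nothing to verify against, and it keeps `-k` on a credentialed `curl`. A version that ties the signature to the pinned fingerprint and fails closed is below.

```shell
curl -fsSO https://artifacts.elastic.co/GPG-KEY-elasticsearch

gpg --import GPG-KEY-elasticsearch

# Accept the tarball only if the valid signature was made by the pinned key;
# the VALIDSIG status line carries the signing-key and primary-key fingerprints.
if gpg --status-fd 1 --verify "${PACKAGE_NAME}.asc" "${PACKAGE_NAME}" 2>/dev/null \
  | grep -q "^\[GNUPG:\] VALIDSIG .*${ELASTIC_GPG_KEY_FINGERPRINT}"; then
  echo "Signature made by the expected key."
else
  echo "There is a Problem with signature." >&2
  exit 1
fi

# … unchanged: Nexus Repo Upload loop …
```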