Commit 9f8ef9e0 authored by Salvador Orozco Villalever's avatar Salvador Orozco Villalever Committed by sean.melissari

Add first version of the Dockerfile. Confirm that the build succeeds and the...

Add first version of the Dockerfile. Confirm that the build succeeds and the container runs as expected.
parent 3590ee54
#!/bin/bash -eu
# Output errorcode and line info.
#
trap '>&2 echo "Error at line ${LINENO} (process exited with code $?)"' ERR
# This healthcheck looks for XEvents system health files and checks whether
# they have recently been updated. The container is considered healthy if the
# amount of XEvents system health files updated in the last N minutes is greater
# than 0.
#
# It is important to note that these system health files are by default
# placed next to the error log files. While the default parent directory of the
# latter is /var/opt/mssql/log, the MSSQL_ERROR_LOG_FILE environment variable
# can be used at container creation time to change the location of the error
# log files and, consequently, the location of system health files as well.
# Therefore, while looking for these XEvents system health files, both possible
# locations must be considered:
#
# - /var/opt/mssql/log
# - the parent directory of MSSQL_ERROR_LOG_FILE
#
# There are, however, two elements to take into account:
#
# 1. The creation and/or updates to system health XEvent files can be
# stopped by users connecting to SQL Server and stopping the event.
#
# 2. The location of these XEvents files can be changed from SSMS/ADS without
# that change necessarily being added in the MSSQL_ERROR_LOG_FILE environment
# variable as well.
#
# To mitigate item #1, we already suggest customers not to modify or stop the XEvent.
# See https://docs.microsoft.com/en-us/sql/relational-databases/extended-events/use-the-system-health-session?view=sql-server-ver15
#
# To mitigate item #2, DSOP customers should not change the location of these XEvents files.
#
function get_count_of_recently_updated_files()
{
PATH_TO_FILES=$1
INTERVAL_IN_MINUTES=$2
FILE_NAME_PATTERN=$3
echo $(find ${PATH_TO_FILES}/ -mmin -${INTERVAL_IN_MINUTES} -type f -regex ${FILE_NAME_PATTERN} | wc -l)
}
function container_is_healthy()
{
DEFAULT_PATH_TO_LOG_FILES=/var/opt/mssql/log
INTERVAL_IN_MINUTES=5
SYSTEM_HEALTH_FILE_NAME_PATTERN=.*system_health_.*.xel
# If the MSSQL_ERROR_LOG_FILE environment variable was set,
# look for the system health XEvents files in the parent
# directory of the path specified in MSSQL_ERROR_LOG_FILE.
#
if [[ -v MSSQL_ERROR_LOG_FILE ]]; then
MSSQL_ERROR_LOG_FILE_PARENT_DIR="$(dirname "$MSSQL_ERROR_LOG_FILE")"
if [[ $(get_count_of_recently_updated_files "${MSSQL_ERROR_LOG_FILE_PARENT_DIR}" "${INTERVAL_IN_MINUTES}" "${SYSTEM_HEALTH_FILE_NAME_PATTERN}") -gt 0 ]]; then
echo "1";
fi
# Then, look for the system health XEvents files in the default location.
#
elif [[ $(get_count_of_recently_updated_files "${DEFAULT_PATH_TO_LOG_FILES}" "${INTERVAL_IN_MINUTES}" "${SYSTEM_HEALTH_FILE_NAME_PATTERN}") -gt 0 ]]; then
echo "1";
else
echo "0";
fi
}
if [[ $(container_is_healthy) == "1" ]]; then
echo "Success.";
else
exit 1
fi
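Review bot: In `container_is_healthy`, the default directory `/var/opt/mssql/log` is never examined when `MSSQL_ERROR_LOG_FILE` is set, because the default-location test is an `elif` of the `[[ -v MSSQL_ERROR_LOG_FILE ]]` check. This contradicts the header comment that both locations must be considered, and when the custom directory has no recent files the function prints nothing at all rather than "0". End the first branch with `echo "1"; return`, close it with `fi`, and start the default-location test as its own `if`. The unquoted `${PATH_TO_FILES}` and `${FILE_NAME_PATTERN}` in the `find` call are also subject to word splitting and pathname expansion (the pattern contains `*`), so quote them: `find "${PATH_TO_FILES}/" -mmin "-${INTERVAL_IN_MINUTES}" -type f -regex "${FILE_NAME_PATTERN}"`.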
#!/bin/bash -ex
# This file is a reduced version of the install.sh script
# of SQL Server on RHEL containers in the the mssql-server
# repository. This file was copied into this Repo1 repository
# because the Repo1 Contributor Onboarding Guide states that
# Dockerfiles cannot call scripts obtained through the tarballs
# that are pulled via the download.json file. Therefore, this
# version should be kept in sync with the original version.
#
# See https://repo1.dsop.io/dsop/dccscr/-/tree/master/contributor-onboarding#repo-one-approved-container-requirements
# for details.
#
# Output errorcode and line info
#
trap '>&2 echo "Error at line $LINENO (process exited with code $?)"' ERR
RHEL8="rhel8"
# Read parameters
#
# 1/3: Required parameters
#
if [ ! -z "$1" ]; then
PLATFORM_NAME=$1
else
echo "Error. Missing required parameter 'PLATFORM_NAME' (e.g. 'rhel8')."
exit 1
fi
# 2/3: Parameters used to support the DSOP flavor of the
# RHEL 8 image.
#
PLATFORM_FLAVOR_NAME=${2:-regular}
# 3/3: Parameters used to support the external build environment
# on RepoOne. See the Dockerfile at
# repo1.dsop.io/dsop/microsoft/microsoft/microsoft-sql-server-2019
#
BUILD_ENVIRONMENT=${3:-internal}
RHEL8_RPM_FILES_NOT_FROM_UBI_DIRECTORY_PATH=${4:-}
# Function that prints information related to
# the build scenario.
#
function printBuildScenario()
{
echo "Installing container dependencies in the following build scenario:"
echo "PLATFORM_NAME = $PLATFORM_NAME"
echo "PLATFORM_FLAVOR_NAME = $PLATFORM_FLAVOR_NAME"
echo "BUILD_ENVIRONMENT = $BUILD_ENVIRONMENT"
if [ ! -z "$RHEL8_RPM_FILES_NOT_FROM_UBI_DIRECTORY_PATH" ]; then
echo "RHEL8_RPM_FILES_NOT_FROM_UBI_DIRECTORY_PATH = $RHEL8_RPM_FILES_NOT_FROM_UBI_DIRECTORY_PATH"
fi
}
# Function that performs pre-installation tasks
# common across build environments.
#
function performCommonPreInstallationTasks()
{
mkdir -p /tmp
chmod 1777 /tmp
cd /tmp
# Create the conf file for root to specify the soft stack limit.
#
# When running in docker - we start sqlserver as user 'mssql'.
# Also set the same limit for user 'root' in case the user sets
# the container to run with root privileges.
#
# This is done to ensure that the sqlservr (started under user mssql)
# doesn't fallback to a legacy VA layout and place mmap_base at ~42TB.
#
echo "root soft stack 8192" > /etc/security/limits.d/99-mssql-server.conf
echo "mssql soft stack 8192" >> /etc/security/limits.d/99-mssql-server.conf
}
SCRIPT_DIRECTORY="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
# Note: the text files consumed below containing list of packages to install were
# placed under packages/docker/mssql-server-rhel/overlay/tmp/ so they end up inside
# the "install" directory (e.g. .obj/packages/docker/mssql-server-rhel8/install/).
#
RHEL8_PKGS_FROM_UBI=$(cat $SCRIPT_DIRECTORY/pkgs-lists/rhel8/rhel8-pkgs-from-ubi.txt | tr '\n' ' ')
# Function: getListOfPackagesToInstall
#
# Description: prints a single line with the space-separated
# names of the packages to install based on the following parameters:
#
# 1. platform name: rhel8
# 1. build environment (rhel8-only): external
# 2. platform flavor name (rhel8-only): DSOP
#
function getListOfPackagesToInstall()
{
packageList=""
if [ "$PLATFORM_NAME" == "$RHEL8" ]; then
# Packages which are obtained from the RHEL 8 UBI and are required
# by both flavors of the RHEL 8 image are consumed the same way across
# build environments.
#
packageList+="$RHEL8_PKGS_FROM_UBI"
packageList+=" "
if [ "$BUILD_ENVIRONMENT" == "external" ]; then
# In the external build environment on RepoOne, we don't have access
# to the Internet at build time, so RPM files which are not part of the
# UBI are exposed through a tarball that the external build pipeline has
# access to before the build starts.
#
packageList+="$RHEL8_RPM_FILES_NOT_FROM_UBI_DIRECTORY_PATH"/packages/*.rpm
packageList+=" "
fi
fi
echo "$packageList"
}
# Function that performs tasks required before installing
# packages in the external build environment.
#
function performPreInstallationTasksForExternalBuild()
{
if [ "$PLATFORM_NAME" == "$RHEL8" ]; then
cp "$RHEL8_RPM_FILES_NOT_FROM_UBI_DIRECTORY_PATH"/rpm-gpg/* /etc/pki/rpm-gpg/
rpm --import --quiet /etc/pki/rpm-gpg/*.asc
fi
}
# Function that calls the appropriate package manager
# to perform the installation of the required packages.
#
function installPackages()
{
if [ "$PLATFORM_NAME" == "$RHEL8" ]; then
ACCEPT_EULA=Y dnf -q -y --disableplugin=subscription-manager install \
$(getListOfPackagesToInstall)
elif [ "$PLATFORM_NAME" == "$RHEL7" ]; then
ACCEPT_EULA=Y yum -y --nogpgcheck install \
$(getListOfPackagesToInstall)
fi
}
# Function that performs post-installation tasks
# common across build environments.
#
function performCommonPostInstallationTasks
{
# Create non-root user and update permissions.
#
useradd -M -s /bin/bash -u 10001 -g 0 mssql
mkdir -p -m 770 /var/opt/mssql
chgrp -R 0 /var/opt/mssql
# Grant sql the permissions to connect to ports <1024 as a non-root user.
#
setcap 'cap_net_bind_service+ep' /opt/mssql/bin/sqlservr
# Allow dumps from the non-root process.
#
setcap 'cap_sys_ptrace+ep' /opt/mssql/bin/paldumper
if [ "$PLATFORM_NAME" == "$RHEL8" ]; then
setcap 'cap_sys_ptrace+ep' /usr/libexec/gdb
fi
# Add an ldconfig file because setcap causes the os to remove LD_LIBRARY_PATH
# and other env variables that control dynamic linking.
#
mkdir -p /etc/ld.so.conf.d && touch /etc/ld.so.conf.d/mssql.conf
echo -e "# mssql libs\n/opt/mssql/lib" >> /etc/ld.so.conf.d/mssql.conf
ldconfig
# Remove files from /tmp.
#
rm -rf /tmp/*
}
# Function that drives the installation of packages
# for builds in the external environment.
#
function install_external()
{
# Pre-installation phase
#
performCommonPreInstallationTasks
performPreInstallationTasksForExternalBuild
# Installation phase
#
installPackages
# Post-installation phase
#
performCommonPostInstallationTasks
}
printBuildScenario
if [ "$BUILD_ENVIRONMENT" == "external" ]; then
install_external
else
echo "Invalid parameter value: BUILD_ENVIRONMENT = $BUILD_ENVIRONMENT."
echo "The accepted value is 'external'."
exit 1
fi
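Review bot: `RHEL8_RPM_FILES_NOT_FROM_UBI_DIRECTORY_PATH` defaults to empty (`${4:-}`) and is never validated, yet the external path uses it both to copy GPG keys into `/etc/pki/rpm-gpg/` and to build the `packages/*.rpm` glob, so a missing fourth argument makes the script look for keys and packages under `/rpm-gpg/` and `/packages/` at the filesystem root. Fail early at the top of `install_external` with `: "${RHEL8_RPM_FILES_NOT_FROM_UBI_DIRECTORY_PATH:?required for external builds}"` plus a `[ -d ... ]` test on the directory. Separately, the `elif [ "$PLATFORM_NAME" == "$RHEL7" ]` branch in `installPackages` compares against a variable that is never defined in this file and installs with `yum --nogpgcheck`; since signature checking is the only package-integrity control visible here, that branch is better deleted than left where it could be revived. The trusted keys come from the same directory as the RPMs, so the signature check presumably adds assurance only if that tarball is itself verified (for example by checksum) before this script runs; a comment stating that assumption would help.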
#!/bin/bash
# This file is a copy of the permissions_check.sh script
# of SQL Server on RHEL containers in the the mssql-server
# repository. This file was copied into this Repo1 repository
# because the Repo1 Contributor Onboarding Guide states that
# Dockerfiles cannot call scripts obtained through the tarballs
# that are pulled via the download.json file. Therefore, this
# version should be kept in sync with the original version.
#
# See https://repo1.dsop.io/dsop/dccscr/-/tree/master/contributor-onboarding#repo-one-approved-container-requirements
# for details.
#
username=$(whoami)
message="SQL Server 2019 will run as non-root by default.\nThis container is running as user $username."
# Find the master database file
master_path=""
mssql_conf="/opt/mssql/bin/mssql-conf"
# Check for master.mdf using environment settings
if [ -n "$MSSQL_MASTER_DATA_FILE" ] && [ -f "$MSSQL_MASTER_DATA_FILE" ]
then
master_path="$MSSQL_MASTER_DATA_FILE"
elif [ -n "$MSSQL_DATA_DIR" ] && [ -f "$MSSQL_DATA_DIR/master.mdf" ]
then
# trim any trailing slashes from the path
trimmed_dir=$(echo "$MSSQL_DATA_DIR" | sed 's:/*$::')
if [ -f "$trimmed_dir/master.mdf" ]
then
master_path="$trimmed_dir/master.mdf"
fi
fi
# If not found, check mssql.conf for location
if [ -z "$master_path" ] && [ -f /var/opt/mssql/mssql.conf ]
then
# check for master data file
master_data_file=$($mssql_conf get filelocation masterdatafile | cut -d ':' -f 2 | tr -d ' ')
if [ -f "$master_data_file" ]
then
master_path="$master_data_file"
else
# check for default data dir
default_data_dir=$($mssql_conf get filelocation defaultdatadir | cut -d ':' -f 2 | tr -d ' ')
trimmed_dir=$(echo "$default_data_dir" | sed 's:/*$::')
if [ -f "$trimmed_dir/master.mdf" ]
then
master_path="$trimmed_dir/master.mdf"
fi
fi
fi
# If not found, check /var/opt/mssql
if [ -f "/var/opt/mssql/data/master.mdf" ] && [ -z "$master_path" ]
then
master_path="/var/opt/mssql/data/master.mdf"
fi
if [ -n "$master_path" ] && [ -f "$master_path" ]
then
master_mdf_owner=$(stat -c '%U' "$master_path")
message="$message\nYour master database file is owned by $master_mdf_owner."
fi
message="$message\nTo learn more visit https://go.microsoft.com/fwlink/?linkid=2099216."
echo -e "$message"
# Execute the cmd from the dockerfile
exec "$@"
\ No newline at end of file
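Review bot: The script prints the running user and the owner of `master.mdf` but never compares them, so the one case an operator needs to notice (a non-root container started against data files owned by another user) is left for the reader to spot in the banner. Consider adding, after `master_mdf_owner` is set, `[ "$master_mdf_owner" != "$username" ] && message="$message\nWarning: this differs from the running user."`. The message is also rendered with `echo -e`, which interprets backslash sequences in the environment-derived values it contains; `printf '%b\n'` on the fixed text with the variables passed as `%s` arguments would avoid that. Since the header says this file must stay in sync with the original, any change presumably belongs upstream first.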