Add first version of the Dockerfile. Confirm that the build succeeds and the...

Add first version of the Dockerfile. Confirm that the build succeeds and the container runs as expected.

.gitignore

+# Tarball
+*.tar.gz
+
+# RPM
+*.rpm
+
+# Scripts
+download-tar-files.sh
+build-container-image.sh
+send-merge-request-to-gitlab.sh
\ No newline at end of file

Dockerfile

+# These three ARGs must point to an Iron Bank image - the BASE_REGISTRY should always be what is written below; please use
+# '--build-arg' when building locally to replace these values.
+#
+ARG BASE_REGISTRY=registry1.dsop.io
+ARG BASE_IMAGE=redhat/ubi/ubi8
+ARG BASE_TAG=8.3
+
+# FROM statement must reference the base image using the three ARGs established.
+#
+FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
+
+MAINTAINER dpgswdist@microsoft.com
+
+EXPOSE 1433
+
+ENV MSSQL_RPC_PORT=135
+
+# Required variables for consuming the tarball with
+# the "install" directory.
+#
+ARG INSTALL_DIRECTORY=install
+ARG INSTALL_DIRECTORY_TARBALL=$INSTALL_DIRECTORY.tar.gz
+
+# Consume the "install" directory.
+#
+# 1. Copy the tarball into the container's root directory ('/').
+# 2. Extract into the container's root directory the directory
+#    inside the tarball.
+# 3. Delete the tarball.
+# 4. Set root as the owner of the directory obtained in step #2.
+# 5. Copy the contents of the directory obtained in step #2 into the
+#    container's root directory.
+# 6. Delete the directory obtained in step #2.
+# 7. Make /opt/mssql/bin/ executable, so binaries under opt/mssql/bin/
+#    can be run.
+#
+COPY ./$INSTALL_DIRECTORY_TARBALL /
+RUN tar -C / -zxf /$INSTALL_DIRECTORY_TARBALL && \
+    rm -f $INSTALL_DIRECTORY_TARBALL && \
+    chown root:root -R /$INSTALL_DIRECTORY/ && \
+    cp -frp /$INSTALL_DIRECTORY/* / && \
+    rm -rf /$INSTALL_DIRECTORY && \
+    chmod +x -R /opt/mssql/bin/
+
+# Required variables for consuming the tarball with
+# the directory containing RHEL 8 RPMs which do not
+# come from the UBI and their corresponding GPG keys.
+#
+ARG RHEL8_RPM_FILES_NOT_FROM_UBI_DIRECTORY=rpms
+ARG RHEL8_RPM_FILES_NOT_FROM_UBI_TARBALL=$RHEL8_RPM_FILES_NOT_FROM_UBI_DIRECTORY.tar.gz
+ARG RHEL8_RPM_FILES_NOT_FROM_UBI_DIRECTORY_PATH=/tmp/$RHEL8_RPM_FILES_NOT_FROM_UBI_DIRECTORY
+
+# Consume the directory with the RHEL 8 RPM files.
+#
+# 1. Copy the tarball into the container's /tmp directory.
+# 2. Extract into the container's /tmp directory the directory
+#    inside the tarball.
+# 3. Delete the tarball.
+# 4. Set root as the owner of the directory obtained in step #2.
+#
+# Note: the /tmp directory is deleted in install_external.sh.
+#
+COPY ./$RHEL8_RPM_FILES_NOT_FROM_UBI_TARBALL /tmp
+RUN tar -C /tmp -zxf /tmp/$RHEL8_RPM_FILES_NOT_FROM_UBI_TARBALL && \
+    rm -f /tmp/$RHEL8_RPM_FILES_NOT_FROM_UBI_TARBALL && \
+    chown root:root -R $RHEL8_RPM_FILES_NOT_FROM_UBI_DIRECTORY_PATH
+
+# Variables to be used as parameters to install_external.sh
+#
+ARG PLATFORM_NAME=rhel8
+ARG PLATFORM_FLAVOR_NAME=dsop
+ARG BUILD_ENVIRONMENT=external
+
+# Parameters to install_external.sh:
+# 1. Platform name
+# 2. Platform flavor name
+# 3. Build environment
+# 4. Path to directory with non-base-OS-image RPM
+# files and GPG keys
+#
+# Run install_external.sh to install dependencies and make
+# some configurations.
+#
+COPY scripts/install_external.sh /tmp/install_external.sh
+RUN chmod +x /tmp/install_external.sh && \
+    /tmp/install_external.sh $PLATFORM_NAME $PLATFORM_FLAVOR_NAME $BUILD_ENVIRONMENT $RHEL8_RPM_FILES_NOT_FROM_UBI_DIRECTORY_PATH
+
+COPY scripts/healthcheck.sh /healthcheck.sh
+RUN chmod +x /healthcheck.sh
+
+HEALTHCHECK \
+    --start-period=180s \
+    --interval=180s \
+    --timeout=10s \
+    --retries=5 \
+    CMD /healthcheck.sh
+
+# Copy permissions_check_external.sh and change its mode before
+# switching to the non-root user.
+#
+COPY scripts/permissions_check_external.sh /opt/mssql/bin/permissions_check_external.sh
+RUN chmod +x /opt/mssql/bin/permissions_check_external.sh
+
+# Switch to non-root user.
+#
+USER mssql
+ENTRYPOINT ["/opt/mssql/bin/permissions_check_external.sh"]
+
+CMD ["/opt/mssql/bin/sqlservr"]
+

LICENSE

+See the SQL Server license files under the "license/" directory.
\ No newline at end of file

README.md

-# microsoft-sql-server-2019
+# SQL Server 2019 on Red Hat Enterprise Linux 8
 
-microsoft sql-server-2019
\ No newline at end of file
+# Prerequisites
+- Minimum of 2 GB of disk space.
+- Minimum of 2 GB of RAM.
+- [System requirements for SQL Server on Linux.](https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-setup?view=sql-server-ver15#system)
+
+## 1. Run the container
+
+To run the container image with Podman, you can use the following command from a bash shell
+
+```
+podman run \
+-e "ACCEPT_EULA=Y" \
+<provide the MSSQL_SA_PASSWORD environment variable definition here> \
+-p 1433:1433 --name <provide the container name here (e.g. "sql1")> \
+-d registry1.dsop.io/microsoft/sql-server:2019-CU8-rhel8
+```
+
+NOTE: besides the ```"ACCEPT_EULA=Y"``` environment variable, you must also provide to the container the ```"MSSQL_SA_PASSWORD"``` environment variable containing the password that you want to set for the system administrator (sa) account.
+
+## 2. Change the SA password
+
+The SA account is a system administrator on the SQL Server instance that gets created during setup. After creating your SQL Server container, the ```MSSQL_SA_PASSWORD``` environment variable you specified is discoverable by running ```echo $MSSQL_SA_PASSWORD``` in the container. For security purposes, change your SA password.
+
+```
+podman exec -it \
+    <provide the container name here (e.g. "sql1")> \
+    /opt/mssql-tools/bin/sqlcmd \
+   -S localhost -U SA -P <provide the current password here surrounded by double quotes> \
+   -Q 'ALTER LOGIN SA WITH PASSWORD=<provide the new password here surrounded by double quotes>'
+```
+
+## 3. Connect to SQL Server
+### 3.1 Connect from inside the container
+
+The following steps use the SQL Server command-line tool, sqlcmd, inside the container to connect to SQL Server.
+
+```
+podman exec -it <provide the container name here (e.g. "sql1")> "bash"
+```
+```
+/opt/mssql-tools/bin/sqlcmd -S localhost -U SA -P <provide the password here surrounded by double quotes>
+```
+
+### 3.2 Connect from outside the container
+
+You can also connect to the SQL Server instance from any external Linux, Windows, or macOS tool that supports SQL connections.
+
+The following steps use sqlcmd outside of your container to connect to SQL Server running in the container. These steps assume that you already have the SQL Server command-line tools installed outside of your container. The same principles apply when using other tools, but the process of connecting is unique to each tool.
+
+1. Find the IP address for the machine that hosts your container. On Linux, use ```ifconfig``` or ```ip addr```. On Windows, use ```ipconfig```.
+
+2. For this example, install the sqlcmd tool on your client machine. For more information, see [Install sqlcmd on Windows](https://docs.microsoft.com/en-us/sql/tools/sqlcmd-utility?view=sql-server-ver15) or [Install sqlcmd on Linux](https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-setup-tools?view=sql-server-ver15).
+
+3. Run sqlcmd specifying the IP address and the port mapped to port 1433 in your container. In this example, that is the same port, 1433, on the host machine. If you specified a different mapped port on the host machine, you would use it here.
+
+    ```
+    sqlcmd -S <ip_address>,1433 -U SA -P <provide the new password here surrounded by double quotes>
+    ```
+
+4. Run Transact-SQL commands. When finished, type ```QUIT```.
+
+Other common tools to connect to SQL Server include:
+
+- [Visual Studio Code](https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-develop-use-vscode?view=sql-server-ver15)
+- [SQL Server Management Studio (SSMS) on Windows](https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-manage-ssms?view=sql-server-ver15)
+- [Azure Data Studio](https://docs.microsoft.com/en-us/sql/azure-data-studio/what-is?view=sql-server-ver15)
+- [mssql-cli (Preview)](https://github.com/dbcli/mssql-cli/blob/master/doc/usage_guide.md)
+- [PowerShell Core](https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-manage-powershell-core?view=sql-server-ver15)
+
+## 4. Container Healthcheck
+
+The health check of the container relies on the SQL Server Extended Events technology. What the logic of the health check does is look for updates in system health files of an Extended Events session that is created by default when the container is executed. Given the latter, this Extended Events session must not be stopped and the location of the system health files must not be changed. The health check does, however, check for those system health files in two possible locations:
+
+- The default location at ```/var/opt/mssql/log```.
+- The parent directory of the file whose path can be configured by the ```MSSQL_ERROR_LOG_FILE``` environment variable. By default, system health files are always placed next to SQL Server error log files.
+
+See [SQL Docs - Extended Events Overview](https://docs.microsoft.com/en-us/sql/relational-databases/extended-events/extended-events?view=sql-server-ver15) and [SQL Docs - Configure SQL Server settings with environment variables on Linux](https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-configure-environment-variables?view=sql-server-ver15).
+
+<br>
+
+See the full documentation of SQL Server containers on [SQL Docs - Quickstart: Run SQL Server container images with Docker](https://docs.microsoft.com/en-us/sql/linux/quickstart-install-connect-docker?view=sql-server-ver15&pivots=cs1-bash).
\ No newline at end of file

hardening_manifest.yaml

+---
+apiVersion: v1
+
+# The repository name in registry1, excluding /ironbank/
+name: "microsoft/microsoft/microsoft-sql-server-2019-rhel8"
+
+# List of tags to push for the repository in registry1
+# The most specific version should be the first tag and will be shown
+# on ironbank.dso.mil
+tags:
+- "2019-CU8-rhel-8"
+- "latest"
+
+# Build args passed to Dockerfile ARGs
+args:
+  BASE_IMAGE: "redhat/ubi/ubi8"
+  BASE_TAG: "8.3"
+
+# Docker image labels
+labels:
+  # Name of the image
+  org.opencontainers.image.title: "microsoft-sql-server-2019-rhel8"
+  # Human-readable description of the software packaged in the image
+  org.opencontainers.image.description: "SQL Server 2019 on RHEL8 Image"
+  # License(s) under which contained software is distributed
+  org.opencontainers.image.licenses: "Developer, Enterprise Core, Enterprise, Evaluation, Express, Standard, Web"
+  # URL to find more information on the image
+  org.opencontainers.image.url: "https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-docker-container-deployment"
+  # Name of the distributing entity, organization or individual
+  org.opencontainers.image.vendor: "Microsoft Corporation"
+  # Authoritative version of the software
+  org.opencontainers.image.version: "2019-CU8-rhel-8"
+  # Keywords to help with search (ex. "cicd,gitops,golang")
+  mil.dso.ironbank.image.keywords: "database,db,sql,relational database,container,analytics,storage,security"
+  # This value can be "opensource" or "commercial"
+  mil.dso.ironbank.image.type: "commercial"
+  # Product the image belongs to for grouping multiple images
+  mil.dso.ironbank.product.name: "microsoft/microsoft"
+
+# List of resources to make available to the offline build context
+resources:
+  - url: "https://hlspubdist.blob.core.windows.net/15d0d4073d23-4/mssql-server-2019-cu8/15.0.4073.23-4/rhel8-dsop/rpms.tar.gz"
+    filename: "rpms.tar.gz" # [required field] desired staging name for the build context
+    validation:
+      type: "sha512" # supported: sha256, sha512
+      value: "77d2f69325f18be43eceb5064f4836515c19dc58d94f9fe2d4fd113e76dc114dedbae6d453b38bde811d551a20d0f1aaff19ae68ccde51f2778002c867871287" # must be lowercase
+  - url: "https://hlspubdist.blob.core.windows.net/15d0d4073d23-4/mssql-server-2019-cu8/15.0.4073.23-4/rhel8-dsop/install.tar.gz"
+    filename: "install.tar.gz"
+    validation:
+      type: "sha512"
+      value: "6e0d5030711e87d1e1c591100316e3bb810cd5d51a139c9d5a69476bd701f0107b6bf869728480e9d14c0b49eddfb72882cd3f2dcb70dfbe1e6619f46c35d593"
+    # if the file you pull is from a github repo, make sure this is the official repo for that file,
+    # and indicate that in a comment in this file
+
+# List of project maintainers
+maintainers:
+- email: "saorozco@microsoft.com"
+  # The name of the current container owner
+  name: "Salvador Orozco Villalever"
+  # The gitlab username of the current container owner
+  username: "saorozco_msft"
+  cht_member: false # NOTE: Include if the maintainer is a member of CHT