Merge branch 'personal/saorozco/initial_onboarding' into 'development'

SQL Server 2019 on RHEL 8 - Initial onboarding

See merge request !2

scripts/healthcheck.sh

+#!/bin/bash -eu
+
+# Output errorcode and line info.
+#
+trap '>&2 echo "Error at line ${LINENO} (process exited with code $?)"' ERR
+
+# This healthcheck looks for XEvents system health files and checks whether
+# they have recently been updated. The container is considered healthy if the
+# amount of XEvents system health files updated in the last N minutes is greater
+# than 0.
+#
+# It is important to note that these system health files are by default
+# placed next to the error log files. While the default parent directory of the
+# latter is /var/opt/mssql/log, the MSSQL_ERROR_LOG_FILE environment variable
+# can be used at container creation time to change the location of the error
+# log files and, consequently, the location of system health files as well.
+# Therefore, while looking for these XEvents system health files, both possible
+# locations must be considered:
+#
+# - /var/opt/mssql/log
+# - the parent directory of MSSQL_ERROR_LOG_FILE
+#
+# There are, however, two elements to take into account:
+#
+# 1. The creation and/or updates to system health XEvent files can be
+# stopped by users connecting to SQL Server and stopping the event.
+#
+# 2. The location of these XEvents files can be changed from SSMS/ADS without
+# that change necessarily being added in the MSSQL_ERROR_LOG_FILE environment
+# variable as well.
+#
+# To mitigate item #1, we already suggest customers not to modify or stop the XEvent.
+# See https://docs.microsoft.com/en-us/sql/relational-databases/extended-events/use-the-system-health-session?view=sql-server-ver15
+#
+# To mitigate item #2, DSOP customers should not change the location of these XEvents files.
+#
+
+function get_count_of_recently_updated_files()
+{
+    PATH_TO_FILES=$1
+    INTERVAL_IN_MINUTES=$2
+    FILE_NAME_PATTERN=$3
+
+    echo $(find ${PATH_TO_FILES}/ -mmin -${INTERVAL_IN_MINUTES} -type f -regex ${FILE_NAME_PATTERN} | wc -l)
+}
+
+function container_is_healthy()
+{
+    DEFAULT_PATH_TO_LOG_FILES=/var/opt/mssql/log
+    INTERVAL_IN_MINUTES=5
+    SYSTEM_HEALTH_FILE_NAME_PATTERN=.*system_health_.*.xel
+
+    # If the MSSQL_ERROR_LOG_FILE environment variable was set,
+    # look for the system health XEvents files in the parent
+    # directory of the path specified in MSSQL_ERROR_LOG_FILE.
+    #
+    if [[ -v MSSQL_ERROR_LOG_FILE ]]; then
+        MSSQL_ERROR_LOG_FILE_PARENT_DIR="$(dirname "$MSSQL_ERROR_LOG_FILE")"
+
+        if [[ $(get_count_of_recently_updated_files "${MSSQL_ERROR_LOG_FILE_PARENT_DIR}" "${INTERVAL_IN_MINUTES}" "${SYSTEM_HEALTH_FILE_NAME_PATTERN}") -gt 0 ]]; then
+            echo "1";
+        fi
+
+    # Then, look for the system health XEvents files in the default location.
+    #
+    elif [[ $(get_count_of_recently_updated_files "${DEFAULT_PATH_TO_LOG_FILES}" "${INTERVAL_IN_MINUTES}" "${SYSTEM_HEALTH_FILE_NAME_PATTERN}") -gt 0 ]]; then
+        echo "1";
+
+    else
+        echo "0";
+    fi
+}
+
+if [[ $(container_is_healthy) == "1" ]]; then
+    echo "Success.";
+else
+    exit 1
+fi
+

scripts/install_external.sh

+#!/bin/bash -ex
+
+# This file is a reduced version of the install.sh script
+# of SQL Server on RHEL containers in the the mssql-server
+# repository. This file was copied into this Repo1 repository
+# because the Repo1 Contributor Onboarding Guide states that
+# Dockerfiles cannot call scripts obtained through the tarballs
+# that are pulled via the download.json file. Therefore, this
+# version should be kept in sync with the original version.
+#
+# See https://repo1.dsop.io/dsop/dccscr/-/tree/master/contributor-onboarding#repo-one-approved-container-requirements
+# for details.
+#
+
+# Output errorcode and line info
+#
+trap '>&2 echo "Error at line $LINENO (process exited with code $?)"' ERR
+
+RHEL8="rhel8"
+
+# Read parameters
+#
+
+# 1/3: Required parameters
+#
+if [ ! -z "$1" ]; then
+    PLATFORM_NAME=$1
+else
+    echo "Error. Missing required parameter 'PLATFORM_NAME' (e.g. 'rhel8')."
+    exit 1
+fi
+
+# 2/3: Parameters used to support the DSOP flavor of the
+# RHEL 8 image.
+#
+PLATFORM_FLAVOR_NAME=${2:-regular}
+
+# 3/3: Parameters used to support the external build environment
+# on RepoOne. See the Dockerfile at
+# repo1.dsop.io/dsop/microsoft/microsoft/microsoft-sql-server-2019
+#
+BUILD_ENVIRONMENT=${3:-internal}
+RHEL8_RPM_FILES_NOT_FROM_UBI_DIRECTORY_PATH=${4:-}
+
+# Function that prints information related to
+# the build scenario.
+#
+function printBuildScenario()
+{
+    echo "Installing container dependencies in the following build scenario:"
+    echo "PLATFORM_NAME = $PLATFORM_NAME"
+    echo "PLATFORM_FLAVOR_NAME = $PLATFORM_FLAVOR_NAME"
+    echo "BUILD_ENVIRONMENT = $BUILD_ENVIRONMENT"
+
+    if [ ! -z "$RHEL8_RPM_FILES_NOT_FROM_UBI_DIRECTORY_PATH" ]; then
+        echo "RHEL8_RPM_FILES_NOT_FROM_UBI_DIRECTORY_PATH = $RHEL8_RPM_FILES_NOT_FROM_UBI_DIRECTORY_PATH"
+    fi
+}
+
+# Function that performs pre-installation tasks
+# common across build environments.
+#
+function performCommonPreInstallationTasks()
+{
+    mkdir -p /tmp
+    chmod 1777 /tmp
+    cd /tmp
+
+    # Create the conf file for root to specify the soft stack limit.
+    #
+    # When running in docker - we start sqlserver as user 'mssql'.
+    # Also set the same limit for user 'root' in case the user sets
+    # the container to run with root privileges.
+    #
+    # This is done to ensure that the sqlservr (started under user mssql)
+    # doesn't  fallback to a legacy VA layout and place mmap_base at ~42TB.
+    #
+    echo "root soft stack 8192" > /etc/security/limits.d/99-mssql-server.conf
+    echo "mssql soft stack 8192" >> /etc/security/limits.d/99-mssql-server.conf
+}
+
+SCRIPT_DIRECTORY="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+
+# Note: the text files consumed below containing list of packages to install were
+# placed under packages/docker/mssql-server-rhel/overlay/tmp/ so they end up inside
+# the "install" directory (e.g. .obj/packages/docker/mssql-server-rhel8/install/).
+#
+
+RHEL8_PKGS_FROM_UBI=$(cat $SCRIPT_DIRECTORY/pkgs-lists/rhel8/rhel8-pkgs-from-ubi.txt | tr '\n' ' ')
+
+# Function: getListOfPackagesToInstall
+#
+# Description: prints a single line with the space-separated
+# names of the packages to install based on the following parameters:
+#
+# 1. platform name: rhel8
+# 1. build environment (rhel8-only): external
+# 2. platform flavor name (rhel8-only): DSOP
+#
+function getListOfPackagesToInstall()
+{
+    packageList=""
+
+    if [ "$PLATFORM_NAME" == "$RHEL8" ]; then
+        # Packages which are obtained from the RHEL 8 UBI and are required
+        # by both flavors of the RHEL 8 image are consumed the same way across
+        # build environments.
+        #
+        packageList+="$RHEL8_PKGS_FROM_UBI"
+        packageList+=" "
+
+        if [ "$BUILD_ENVIRONMENT" == "external" ]; then
+            # In the external build environment on RepoOne, we don't have access
+            # to the Internet at build time, so RPM files which are not part of the
+            # UBI are exposed through a tarball that the external build pipeline has
+            # access to before the build starts.
+            #
+            packageList+="$RHEL8_RPM_FILES_NOT_FROM_UBI_DIRECTORY_PATH"/packages/*.rpm
+            packageList+=" "
+        fi
+    fi
+
+    echo "$packageList"
+}
+
+# Function that performs tasks required before installing
+# packages in the external build environment.
+#
+function performPreInstallationTasksForExternalBuild()
+{
+    if [ "$PLATFORM_NAME" == "$RHEL8" ]; then
+        cp "$RHEL8_RPM_FILES_NOT_FROM_UBI_DIRECTORY_PATH"/rpm-gpg/* /etc/pki/rpm-gpg/
+        rpm --import --quiet /etc/pki/rpm-gpg/*.asc
+    fi
+}
+
+# Function that calls the appropriate package manager
+# to perform the installation of the required packages.
+#
+function installPackages()
+{
+    if [ "$PLATFORM_NAME" == "$RHEL8" ]; then
+        ACCEPT_EULA=Y dnf -q -y --disableplugin=subscription-manager install \
+            $(getListOfPackagesToInstall)
+
+    elif [ "$PLATFORM_NAME" == "$RHEL7" ]; then
+        ACCEPT_EULA=Y yum -y --nogpgcheck install \
+            $(getListOfPackagesToInstall)
+    fi
+}
+
+# Function that performs post-installation tasks
+# common across build environments.
+#
+function performCommonPostInstallationTasks
+{
+    # Create non-root user and update permissions.
+    #
+    useradd -M -s /bin/bash -u 10001 -g 0 mssql
+    mkdir -p -m 770 /var/opt/mssql
+    chgrp -R 0 /var/opt/mssql
+
+    # Grant sql the permissions to connect to ports <1024 as a non-root user.
+    #
+    setcap 'cap_net_bind_service+ep' /opt/mssql/bin/sqlservr
+
+    # Allow dumps from the non-root process.
+    #
+    setcap 'cap_sys_ptrace+ep' /opt/mssql/bin/paldumper
+    if [ "$PLATFORM_NAME" == "$RHEL8" ]; then
+        setcap 'cap_sys_ptrace+ep' /usr/libexec/gdb
+    fi
+
+    # Add an ldconfig file because setcap causes the os to remove LD_LIBRARY_PATH
+    # and other env variables that control dynamic linking.
+    #
+    mkdir -p /etc/ld.so.conf.d && touch /etc/ld.so.conf.d/mssql.conf
+    echo -e "# mssql libs\n/opt/mssql/lib" >> /etc/ld.so.conf.d/mssql.conf
+    ldconfig
+
+    # Remove files from /tmp.
+    #
+    rm -rf /tmp/*
+}
+
+# Function that drives the installation of packages
+# for builds in the external environment.
+#
+function install_external()
+{
+    # Pre-installation phase
+    #
+    performCommonPreInstallationTasks
+    performPreInstallationTasksForExternalBuild
+
+    # Installation phase
+    #
+    installPackages
+
+    # Post-installation phase
+    #
+    performCommonPostInstallationTasks
+}
+
+printBuildScenario
+
+if [ "$BUILD_ENVIRONMENT" == "external" ]; then
+    install_external
+else
+    echo "Invalid parameter value: BUILD_ENVIRONMENT = $BUILD_ENVIRONMENT."
+    echo "The accepted value is 'external'."
+    exit 1
+fi
+

scripts/permissions_check_external.sh

+#!/bin/bash
+
+# This file is a copy of the permissions_check.sh script
+# of SQL Server on RHEL containers in the the mssql-server
+# repository. This file was copied into this Repo1 repository
+# because the Repo1 Contributor Onboarding Guide states that
+# Dockerfiles cannot call scripts obtained through the tarballs
+# that are pulled via the download.json file. Therefore, this
+# version should be kept in sync with the original version.
+#
+# See https://repo1.dsop.io/dsop/dccscr/-/tree/master/contributor-onboarding#repo-one-approved-container-requirements
+# for details.
+#
+
+username=$(whoami)
+message="SQL Server 2019 will run as non-root by default.\nThis container is running as user $username."
+
+# Find the master database file
+master_path=""
+mssql_conf="/opt/mssql/bin/mssql-conf"
+
+# Check for master.mdf using environment settings
+if [ -n "$MSSQL_MASTER_DATA_FILE" ] && [ -f "$MSSQL_MASTER_DATA_FILE" ]
+then
+    master_path="$MSSQL_MASTER_DATA_FILE"
+elif [ -n "$MSSQL_DATA_DIR" ] && [ -f "$MSSQL_DATA_DIR/master.mdf" ]
+then
+    # trim any trailing slashes from the path
+    trimmed_dir=$(echo "$MSSQL_DATA_DIR" | sed 's:/*$::')
+    if [ -f "$trimmed_dir/master.mdf" ]
+    then
+        master_path="$trimmed_dir/master.mdf"
+    fi
+fi
+
+# If not found, check mssql.conf for location
+if [ -z "$master_path" ] && [ -f /var/opt/mssql/mssql.conf ]
+then
+    # check for master data file
+    master_data_file=$($mssql_conf get filelocation masterdatafile | cut -d ':' -f 2 | tr -d ' ')
+    if [ -f "$master_data_file" ]
+    then
+        master_path="$master_data_file"
+    else
+        # check for default data dir
+        default_data_dir=$($mssql_conf get filelocation defaultdatadir | cut -d ':' -f 2 | tr -d ' ')
+        trimmed_dir=$(echo "$default_data_dir" | sed 's:/*$::')
+        if [ -f "$trimmed_dir/master.mdf" ]
+        then
+            master_path="$trimmed_dir/master.mdf"
+        fi
+    fi
+fi
+
+# If not found, check /var/opt/mssql
+if [ -f "/var/opt/mssql/data/master.mdf" ] && [ -z "$master_path" ]
+then
+    master_path="/var/opt/mssql/data/master.mdf"
+fi
+
+if [ -n "$master_path" ] && [ -f "$master_path" ]
+then
+    master_mdf_owner=$(stat -c '%U' "$master_path")
+    message="$message\nYour master database file is owned by $master_mdf_owner."
+fi
+
+message="$message\nTo learn more visit https://go.microsoft.com/fwlink/?linkid=2099216."
+echo -e "$message"
+
+# Execute the cmd from the dockerfile
+exec "$@"
\ No newline at end of file