Updates for UBI8 and switch to hardening_manifest.

acd80637 · jonathan.janos@mongodb.com · 6bfca5bd · acd80637 · 6bfca5bd · acd80637
Commit acd80637 authored Feb 20, 2021 by jonathan.janos@mongodb.com
Showing with 104 additions and 38 deletions

Dockerfile Dockerfile +33 -17

Jenkinsfile Jenkinsfile +0 -3

README.md README.md +16 -9

download.json download.json +0 -9

hardening_manifest.yaml hardening_manifest.yaml +55 -0

No files found.
--- a/Dockerfile
+++ b/Dockerfile
-# Dockerfile for AppDB Database Image.
-
+#
+# Base Template Dockerfile for Database Image.
+#
 ARG BASE_REGISTRY=registry1.dsop.io
-ARG BASE_IMAGE=redhat/ubi/ubi7
-ARG BASE_TAG=7.8
-ARG VERSION=10.2.15.5958-1
+ARG BASE_IMAGE=redhat/ubi/ubi8
+ARG BASE_TAG=8.3

-FROM quay.io/mongodb/mongodb-enterprise-appdb:${VERSION} as official
+FROM quay.io/mongodb/mongodb-enterprise-database-ubi:1.5.3 as official

 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}

@@ -13,29 +13,44 @@ ENV MMS_HOME /mongodb-automation
 ENV MMS_LOG_DIR /var/log/mongodb-mms-automation
 ENV MDB_DIR /var/lib/mongodb-mms-automation/downloads

+ARG AA_VERSION

 LABEL name="MongoDB Enterprise AppDB" \
-      version="${VERSION}" \
+      version="${AA_VERSION}" \
      summary="MongoDB Enterprise AppDB" \
      description="MongoDB Enterprise AppDB" \
      vendor="MongoDB" \
      release="1" \
      maintainer="support@mongodb.com"

-RUN yum update -y && yum install \
-        libpcap \
+COPY LICENSE /licenses/mongodb-enterprise-database
+
+RUN yum update -y && rm -rf /var/cache/yum \
+        # these are the packages needed for the agent
+        &&  yum install -y --disableplugin=subscription-manager \
+            hostname \
+            nss_wrapper --exclude perl-IO-Socket-SSL \
+            procps \
+        # these are the packages needed for MongoDB
+        # (https://docs.mongodb.com/manual/tutorial/install-mongodb-enterprise-on-red-hat-tarball/ "RHEL/CentOS 8" tab)
+        && yum install -y --disableplugin=subscription-manager \
+        cyrus-sasl \
+        cyrus-sasl-gssapi \
+        cyrus-sasl-plain \
+        krb5-libs \
+        libcurl \
        lm_sensors-libs \
        net-snmp \
        net-snmp-agent-libs \
-        rpm-libs \
-        tcp_wrappers-libs \
-        nss_wrapper; \
-        yum clean all; \
-        ln -s /usr/lib64/libsasl2.so.3 /usr/lib64/libsasl2.so.2
+        openldap \
+        openssl \
+        jq \
+        # mongodb enterprise expects this library /usr/lib64/libsasl2.so.2 but
+        # cyrus-sasl creates it in /usr/lib64/libsasl2.so.3 instead
+        && ln -s /usr/lib64/libsasl2.so.3 /usr/lib64/libsasl2.so.2

-COPY --from=official ${MDB_DIR} ${MDB_DIR}/
-COPY --from=official ${MMS_HOME} ${MMS_HOME}/
-COPY --from=official /licenses/* /licenses/
+# Copy all the required scripts from the official database image
+COPY --from=official "${MMS_HOME}" ${MMS_HOME}/

 # Set the required perms
 RUN    mkdir -p "${MMS_LOG_DIR}" \
@@ -46,6 +61,7 @@ RUN    mkdir -p "${MMS_LOG_DIR}" \
        && chmod 0775 /data \
        && mkdir -p /journal \
        && chmod 0775 /journal \
+        && mkdir -p "${MMS_HOME}" \
        && chmod -R 0775 "${MMS_HOME}"

 # USER needs to be set for this image to pass RedHat verification. Some customers have these requirements as well

--- a/Jenkinsfile
+++ b/Jenkinsfile
-@Library('DCCSCR@master') _
-dccscrPipeline(version: "10.2.15.5958-1")
-
--- a/README.md
+++ b/README.md
 # Before You Begin #

-**PRIOR TO UTILIZING THE MONGODB ENTERPRISE ADVANCED CONTAINER, CONTACT YOUR MONGODB SALES REPRESENTATIVE.**  YOUR USE OF THE MONGODB ENTERPRISE SERVER IS SUBJECT TO THE TERMS AND CONDITIONS OF THE AGREEMENT BETWEEN USAF AND THE APPLICABLE RESELLER OF THE MONGODB ENTERPRISE SERVER.  SUCH AGREEMENT INCORPORATES THE TERMS & CONDITIONS OF THE MONGODB ENTERPRISE ADVANCED LICENSE AGREEMENT, THE VERSION OF WHICH CURRENT AS OF SEPTEMBER 2020 IS SET FORTH BELOW.  THE MONGODB ENTERPRISE ADVANCED LICENSE AGREEMENT IS SUBJECT TO AMENDMENT AND MODIFICATION FROM TIME TO TIME. 
+**PRIOR TO UTILIZING THE MONGODB ENTERPRISE ADVANCED CONTAINERS, CONTACT YOUR MONGODB SALES REPRESENTATIVE.**  YOUR USE OF THE MONGODB ENTERPRISE SERVER IS SUBJECT TO THE TERMS AND CONDITIONS OF THE AGREEMENT BETWEEN USAF AND THE APPLICABLE RESELLER OF THE MONGODB ENTERPRISE SERVER.  SUCH AGREEMENT INCORPORATES THE TERMS & CONDITIONS OF THE MONGODB ENTERPRISE ADVANCED LICENSE AGREEMENT, THE VERSION OF WHICH CURRENT AS OF SEPTEMBER 2020 IS SET FORTH BELOW.  THE MONGODB ENTERPRISE ADVANCED LICENSE AGREEMENT IS SUBJECT TO AMENDMENT AND MODIFICATION FROM TIME TO TIME. 


 # Contact Information #

 For licensing and technical information, please use the following contact information:

-Anton Hoffman, EAE USAF  
-781-996-8860  
-anton.hoffman@mongodb.com  
+Keegan Wetzel, EAE USAF  
+708-256-7904  
+keegan.wetzel@mongodb.com  
 Please also CC: publicsector@mongodb.com



-# MongoDB Enterprise Ops Manager - AppDB #
+# MongoDB Enterprise Kubernetes Operator #

-Backing database for MongoDB Ops Manager. This container image is used exclusively by the MongoDB Enterprise Kubernetes Operator to deploy MongoDB Ops Manager to Kubernetes or OpenShift clusters.
+The Mongo DB Enterprise Kubernetes Operator provides the necessary functionality to provision and manage MongoDB database deployments through Kubernetes and OpenShift. Supported deployment types include replica sets, sharded clusters, and standalone MongoDB instances. You provide the Operator with the specifications for your MongoDB clusters. The Operator uses this information to tell Kubernetes how to configure the clusters, including provisioning storage, setting up the network connections, and configuring other resources.
+
+The MongoDB Enterprise Kubernetes Operator works in conjunction with MongoDB Ops Manager, which must itself be deployed to the Kubernetes cluster or stood up separately. In addition to providing the necessary automation services, Ops Manager provides additional management capabilities such as metrics, monitoring, alerting, backups, performance optimization, and more.
+
+For more information about the MongoDB Enterprise Kubernetes Operator, please visit <https://docs.mongodb.com/kubernetes-operator>.

 For more information about MongoDB Ops Manager, please visit <https://www.mongodb.com/products/ops-manager>.

 Information about MongoDB can be found at <https://www.mongodb.com>.

-## Documentation ##

-Documentation for MongoDB Ops Manager is available at <https://docs.opsmanager.mongodb.com/current/>.
+# Documentation #
+
+[MongoDB - Documentation Home Page](https://docs.mongodb.com/)
+
+[MongoDB Enterprise Kubernetes Operator](https://docs.mongodb.com/kubernetes-operator/master/)

-Documentation for the MongoDB Enterprise Kubernetes Operator is available at <https://docs.mongodb.com/kubernetes-operator>.
+[MongoDB Ops Manager](https://docs.opsmanager.mongodb.com/current/)

--- a/download.json
+++ b/download.json
-{
-  "resources": [
-    {
-      "url": "docker://quay.io/mongodb/mongodb-enterprise-appdb@sha256:6650dbd4cac6e08bd064407c178c73cf306e8f58bebe370f36aca33ff1c3e406",
-      "tag": "quay.io/mongodb/mongodb-enterprise-appdb:10.2.15.5958-1"
-    }
-  ]
-}
-
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
+---
+apiVersion: v1
+
+# The repository name in registry1, excluding /ironbank/
+name: "mongodb/mongodb-enterprise/mongodb-ops-manager-appdb"
+
+# List of tags to push for the repository in registry1
+# The most specific version should be the first tag and will be shown
+# on ironbank.dsop.io
+tags:
+- "1.5.3"
+- "latest"
+
+# Build args passed to Dockerfile ARGs
+args:
+  BASE_IMAGE: "redhat/ubi/ubi8"
+  BASE_TAG: "8.3"
+
+# Docker image labels
+labels:
+  org.opencontainers.image.title: "mongodb-enterprise-database"
+  ## Human-readable description of the software packaged in the image
+  org.opencontainers.image.description: "Base image for Ops Manager AppDB, used in conjunction with MongoDB Enterprise Kubernetes Operator"
+  ## License(s) under which contained software is distributed
+  org.opencontainers.image.licenses: "license"
+  ## URL to find more information on the image
+  org.opencontainers.image.url: "https://docs.mongodb.com/kubernetes-operator/stable/"
+  ## Name of the distributing entity, organization or individual
+  org.opencontainers.image.vendor: "MongoDB"
+  org.opencontainers.image.version: "1.5.3"
+  ## Keywords to help with search (ex. "cicd,gitops,golang")
+  mil.dso.ironbank.image.keywords: "mongodb,nosql,json,database"
+  ## This value can be "opensource" or "commercial"
+  mil.dso.ironbank.image.type: "commercial"
+  ## Product the image belongs to for grouping multiple images
+  mil.dso.ironbank.product.name: "mongodb-enterprise"
+
+# List of resources to make available to the offline build context
+resources:
+- tag: quay.io/mongodb/mongodb-enterprise-database-ubi:1.5.3
+  url: docker://quay.io/mongodb/mongodb-enterprise-database-ubi@sha256:8f2734cea7fc31f829a0f8752be5bfd1c69b3d2e59e677bb23f685aac7f58eb9
+
+# List of project maintainers
+maintainers:
+- email: "jonathan.janos@mongodb.com"
+  # The name of the current container owner
+  name: "Jonathan Janos"
+  # The gitlab username of the current container owner
+  username: "jonathan.janos"
+- email: "klepal_alexander@bah.com"
+  name: "Alexander Klepal"
+  username: "alexander.klepal"
+  cht_member: true
+
+