From 06956ca997267a9a9ed581df794a388c2c1bd792 Mon Sep 17 00:00:00 2001 From: "jonathan.janos@mongodb.com" Date: Mon, 29 Jun 2020 11:24:30 -0400 Subject: [PATCH 1/5] Initial commit of the Ops Manager AppDB Database container image --- Dockerfile | 99 +++++++++++++++++++++++ Jenkinsfile | 3 + LICENSE | 4 + README.md | 15 +++- content/RPM-GPG-KEY-EPEL-7 | 29 +++++++ content/agent-launcher-lib.sh | 146 ++++++++++++++++++++++++++++++++++ content/agent-launcher.sh | 124 +++++++++++++++++++++++++++++ content/epel.repo | 8 ++ content/probe.sh | 42 ++++++++++ download.json | 21 +++++ 10 files changed, 490 insertions(+), 1 deletion(-) create mode 100644 Dockerfile create mode 100644 Jenkinsfile create mode 100644 LICENSE create mode 100644 content/RPM-GPG-KEY-EPEL-7 create mode 100755 content/agent-launcher-lib.sh create mode 100755 content/agent-launcher.sh create mode 100644 content/epel.repo create mode 100755 content/probe.sh create mode 100755 download.json diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..803c9b3 --- /dev/null +++ b/Dockerfile 
@@ -0,0 +1,99 @@
+# Dockerfile for AppDB Database Image.
+
+ARG BASE_REGISTRY=nexus-docker-secure.levelup-nexus.svc.cluster.local:18082
+ARG BASE_IMAGE=redhat/ubi/ubi7
+ARG BASE_TAG=7.8
+
+FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
+
+ENV MMS_HOME /mongodb-automation
+ENV MMS_LOG_DIR /var/log/mongodb-mms-automation
+ENV MDB_DIR /var/lib/mongodb-mms-automation/downloads
+
+ARG MDB_TARBALL=mongodb-linux-x86_64-enterprise-rhel70-4.2.2.tgz
+ARG AA_TARBALL=mongodb-mms-automation-agent-10.2.15.5958-1.linux_x86_64.tar.gz
+ARG AA_VERSION=10.2.15.5958-1
+
+LABEL name="MongoDB Enterprise AppDB" \
+ version="${AA_VERSION}" \
+ summary="MongoDB Enterprise AppDB" \
+ description="MongoDB Enterprise AppDB" \
+ vendor="MongoDB" \
+ release="1" \
+ maintainer="support@mongodb.com"
+
+RUN mkdir -p /licenses
+COPY LICENSE /licenses/mongodb-enterprise-database
+
+RUN yum update -y && yum install \
+ curl \
+ cyrus-sasl \
+ cyrus-sasl-gssapi \
+ cyrus-sasl-plain \
+ krb5-libs \
+ libcurl \
+ libpcap \
+ lm_sensors-libs \
+ net-snmp \
+ net-snmp-agent-libs \
+ openldap \
+ openssl \
+ rpm-libs \
+ tcp_wrappers-libs \
+ nss_wrapper; \
+ yum clean all
+
+RUN ln -s /usr/lib64/libsasl2.so.3 /usr/lib64/libsasl2.so.2
+
+RUN mkdir -p "${MMS_HOME}/files/"
+
+# TODO: remove once database is using init container
+COPY content/ "${MMS_HOME}/files/"
+
+# Download and extract the MongoDB archive and put it where the automation agent expects to find it.
+# So an AppDB agent will download MongoDB from the internet only if the version does not match the version we have put inside the container.
+COPY ${MDB_TARBALL} mongodb.tgz
+RUN tar -xzf mongodb.tgz \
+ && rm mongodb.tgz \
+ && mkdir -p "${MDB_DIR}" \
+ # We need to strip the binary name from its tgz extension
+ && mv mongodb-linux-* "${MDB_DIR}" \
+ && chmod -R 0775 "${MDB_DIR}"
+
+# Download the latest Automation Agent binary
+
+COPY ${AA_TARBALL} automation-agent.tar.gz
+RUN tar -xzf automation-agent.tar.gz \
+ && mv mongodb-mms-automation-agent-*/mongodb-mms-automation-agent "${MMS_HOME}/files/" \
+ && chmod +x "${MMS_HOME}/files/mongodb-mms-automation-agent" \
+ && rm -rf automation-agent.tar.gz "mongodb-mms-automation-agent-*/"
+
+ # would prefer to have specific versions instead of *
+ # && mv "./mongodb-mms-automation-agent-${AA_VERSION}.linux_x86_64/mongodb-mms-automation-agent" "${MMS_HOME}/files/" \
+ # && rm -rf automation-agent.tar.gz "mongodb-mms-automation-agent-${AA_VERSION}.linux_x86_64/"
+
+# Remove when we move to init appdb
+RUN echo "${AA_VERSION}" > "${MMS_HOME}/files/agent-version"
+
+# Set the required perms
+RUN mkdir -p "${MMS_LOG_DIR}" \
+ && chmod 0775 "${MMS_LOG_DIR}" \
+ && mkdir -p /var/lib/mongodb-mms-automation \
+ && chmod 0775 /var/lib/mongodb-mms-automation \
+ && mkdir -p /data \
+ && chmod 0775 /data \
+ && mkdir -p /journal \
+ && chmod 0775 /journal \
+ && chmod -R 0775 "${MMS_HOME}"
+
+# USER needs to be set for this image to pass RedHat verification. Some customers have these requirements as well
+# It does not matter what number it is, as long as it is set to something.
+# However, OpenShift will run the container as a random user,
+# and the number in this configuration is not relevant.
+USER 2000
+
+# TODO: make entrypoint be a sleep infinity once MDB is using init container
+ENTRYPOINT ["/mongodb-automation/files/agent-launcher.sh"]
+
+HEALTHCHECK --timeout=30s CMD ls /mongodb-automation/files/agent-launcher.sh || exit 1
+
diff --git a/Jenkinsfile b/Jenkinsfile
new file mode 100644
index 0000000..20beed0
--- /dev/null
+++ b/Jenkinsfile
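Review bot: The package step runs `yum install` without `-y` and joins its commands with `;` (`nss_wrapper; \` followed by `yum clean all`), so the exit status of the install is discarded and the layer can build successfully with packages missing. Without `-y` yum waits for a confirmation that a non-interactive build cannot give, which makes that failure path likely rather than theoretical. Use `yum install -y \`, end the list with `nss_wrapper \`, and chain the cleanup as `&& yum clean all`. `nss_wrapper` is the library the launcher later loads through `LD_PRELOAD=libnss_wrapper.so`, so a silent miss would only show up at container start. The Dockerfile hunk in patch 2/5 keeps the same `yum install` / `;` pattern.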
@@ -0,0 +1,3 @@
+@Library('DCCSCR@master') _
+dccscrPipeline(version: "1.5.3")
+
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..b5ca950
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,4 @@
+Usage of the MongoDB Enterprise Operator for Kubernetes indicates
+agreement with the MongoDB Development, Test, and Evaluation Agreement
+
+* https://www.mongodb.com/legal/evaluation-agreement
diff --git a/README.md b/README.md
index bc1f099..97caa1e 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,14 @@
-MongoDB Ops Manager AppDB
\ No newline at end of file
+# MongoDB Enterprise Ops Manager - AppDB #
+
+Backing database for MongoDB Ops Manager. This container image is used exclusively by the MongoDB Enterprise Kubernetes Operator to deploy MongoDB Ops Manager to Kubernetes or OpenShift clusters.
+
+For more information about MongoDB Ops Manager, please visit .
+
+Information about MongoDB can be found at .
+
+## Documentation ##
+
+Documentation for MongoDB Ops Manager is available at .
+
+Documentation for the MongoDB Enterprise Kubernetes Operator is available at .
+
diff --git a/content/RPM-GPG-KEY-EPEL-7 b/content/RPM-GPG-KEY-EPEL-7
new file mode 100644
index 0000000..f205ede
--- /dev/null
+++ b/content/RPM-GPG-KEY-EPEL-7
@@ -0,0 +1,29 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+mQINBFKuaIQBEAC1UphXwMqCAarPUH/ZsOFslabeTVO2pDk5YnO96f+rgZB7xArB
+OSeQk7B90iqSJ85/c72OAn4OXYvT63gfCeXpJs5M7emXkPsNQWWSju99lW+AqSNm
+jYWhmRlLRGl0OO7gIwj776dIXvcMNFlzSPj00N2xAqjMbjlnV2n2abAE5gq6VpqP
+vFXVyfrVa/ualogDVmf6h2t4Rdpifq8qTHsHFU3xpCz+T6/dGWKGQ42ZQfTaLnDM
+jToAsmY0AyevkIbX6iZVtzGvanYpPcWW4X0RDPcpqfFNZk643xI4lsZ+Y2Er9Yu5
+S/8x0ly+tmmIokaE0wwbdUu740YTZjCesroYWiRg5zuQ2xfKxJoV5E+Eh+tYwGDJ
+n6HfWhRgnudRRwvuJ45ztYVtKulKw8QQpd2STWrcQQDJaRWmnMooX/PATTjCBExB
+9dkz38Druvk7IkHMtsIqlkAOQMdsX1d3Tov6BE2XDjIG0zFxLduJGbVwc/6rIc95
+T055j36Ez0HrjxdpTGOOHxRqMK5m9flFbaxxtDnS7w77WqzW7HjFrD0VeTx2vnjj
+GqchHEQpfDpFOzb8LTFhgYidyRNUflQY35WLOzLNV+pV3eQ3Jg11UFwelSNLqfQf
+uFRGc+zcwkNjHh5yPvm9odR1BIfqJ6sKGPGbtPNXo7ERMRypWyRz0zi0twARAQAB
+tChGZWRvcmEgRVBFTCAoNykgPGVwZWxAZmVkb3JhcHJvamVjdC5vcmc+iQI4BBMB
+AgAiBQJSrmiEAhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBqL66iNSxk
+5cfGD/4spqpsTjtDM7qpytKLHKruZtvuWiqt5RfvT9ww9GUUFMZ4ZZGX4nUXg49q
+ixDLayWR8ddG/s5kyOi3C0uX/6inzaYyRg+Bh70brqKUK14F1BrrPi29eaKfG+Gu
+MFtXdBG2a7OtPmw3yuKmq9Epv6B0mP6E5KSdvSRSqJWtGcA6wRS/wDzXJENHp5re
+9Ism3CYydpy0GLRA5wo4fPB5uLdUhLEUDvh2KK//fMjja3o0L+SNz8N0aDZyn5Ax
+CU9RB3EHcTecFgoy5umRj99BZrebR1NO+4gBrivIfdvD4fJNfNBHXwhSH9ACGCNv
+HnXVjHQF9iHWApKkRIeh8Fr2n5dtfJEF7SEX8GbX7FbsWo29kXMrVgNqHNyDnfAB
+VoPubgQdtJZJkVZAkaHrMu8AytwT62Q4eNqmJI1aWbZQNI5jWYqc6RKuCK6/F99q
+thFT9gJO17+yRuL6Uv2/vgzVR1RGdwVLKwlUjGPAjYflpCQwWMAASxiv9uPyYPHc
+ErSrbRG0wjIfAR3vus1OSOx3xZHZpXFfmQTsDP7zVROLzV98R3JwFAxJ4/xqeON4
+vCPFU6OsT3lWQ8w7il5ohY95wmujfr6lk89kEzJdOTzcn7DBbUru33CQMGKZ3Evt
+RjsC7FDbL017qxS+ZVA/HGkyfiu4cpgV8VUnbql5eAZ+1Ll6Dw==
+=hdPa
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/content/agent-launcher-lib.sh b/content/agent-launcher-lib.sh
new file mode 100755
index 0000000..1afeca6
--- /dev/null
+++ b/content/agent-launcher-lib.sh
@@ -0,0 +1,146 @@
+#!/usr/bin/env bash
+
+# This is a file containing all the functions which may be needed for other shell scripts
+
+# see if jq is available for json logging
+use_jq="$(command -v jq)"
+
+# log stdout as structured json with given log type
+json_log () {
+ if [ "$use_jq" ]; then
+ jq --unbuffered --null-input -c --raw-input "inputs | {\"logType\": \"$1\", \"contents\": .}";
+ else
+ echo "$1"
+ fi
+}
+
+# log a given message in json format
+script_log () {
+ echo "$1" | json_log 'agent-launcher-script'
+}
+
+# the function reacting on SIGTERM command sent by the container on its shutdown. Makes sure all processes started (including
+# mongodb) receive the signal. For MongoDB this results in graceful shutdown of replication (starting from 4.0.9) which may
+# take some time. The script waits for all the processes to finish, otherwise the container would terminate as Kubernetes
+# waits only for the process with pid #1 to end
+cleanup () {
+ # Important! Keep this in sync with DefaultPodTerminationPeriodSeconds constant from constants.go
+ termination_timeout_seconds=600
+
+ script_log "Caught SIGTERM signal. Passing the signal to the automation agent and the mongod processes."
+
+ kill -15 "$agentPid"
+ wait "$agentPid"
+
+ mongoPid="$(cat /data/mongod.lock)"
+ kill -15 "$mongoPid"
+
+ script_log "Waiting until mongod process is shutdown. Note, that if mongod process fails to shutdown in the time specified by the 'terminationGracePeriodSeconds' property (default $termination_timeout_seconds seconds) then the container will be killed by Kubernetes."
+
+ # dev note: we cannot use 'wait' for the external processes, seems the spinning loop is the best option
+ while [ -e "/proc/$mongoPid" ]; do sleep 0.1; done
+
+ script_log "Mongod and automation agent processes are shutdown"
+}
+
+# ensure_certs_symlinks function checks if certificates and CAs are mounted and creates symlinks to them
+ensure_certs_symlinks () {
+ # the paths inside the pod. Move to parameters if multiple usage is needed
+ secrets_dir="/var/lib/mongodb-automation/secrets"
+ custom_ca_dir="${secrets_dir}/ca"
+ pod_secrets_dir="/mongodb-automation"
+
+ if [ -d "${secrets_dir}/certs" ]; then
+ script_log "Found certificates in the host, will symlink to where the automation agent expects them to be"
+ podname=$(hostname)
+
+ if [ ! -f "${secrets_dir}/certs/${podname}-pem" ]; then
+ script_log "PEM Certificate file does not exist in ${secrets_dir}/certs/${podname}-pem. Check the Secret object with certificates is well formed."
+ exit 1
+ fi
+
+ ln -s "${secrets_dir}/certs/${podname}-pem" "${pod_secrets_dir}/server.pem"
+ fi
+
+ if [ -d "${custom_ca_dir}" ]; then
+ if [ -f "${custom_ca_dir}/ca-pem" ]; then
+ script_log "Using CA file provided by user"
+ ln -s "${custom_ca_dir}/ca-pem" "${pod_secrets_dir}/ca.pem"
+ else
+ script_log "Could not find CA file. The name of the entry on the Secret object should be 'ca-pem'"
+ exit 1
+ fi
+ else
+ script_log "Using Kubernetes CA file"
+ ln -s "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" "${pod_secrets_dir}/ca.pem"
+ fi
+}
+
+# download_agent function downloads and unpacks the Mongodb Agent
+download_agent () {
+ script_log "Downloading a Mongodb Agent from ${base_url}"
+ pushd /tmp >/dev/null
+
+ curl_opts=(
+ "${base_url}/download/agent/automation/mongodb-mms-automation-agent-latest.linux_x86_64.tar.gz"
+ "--location" "--silent" "--retry" "3" "--fail" "-v"
+ "--output" "automation-agent.tar.gz"
+ )
+
+ if [ "${SSL_REQUIRE_VALID_MMS_CERTIFICATES-}" = "false" ]; then
+ # If we are not expecting valid certs, `curl` should be run with `--insecure` option.
+ # The default is NOT to accept insecure connections.
+ curl_opts+=("--insecure")
+ fi
+
+ if [ -n "${SSL_TRUSTED_MMS_SERVER_CERTIFICATE-}" ]; then
+ curl_opts+=("--cacert" "${SSL_TRUSTED_MMS_SERVER_CERTIFICATE}")
+ fi
+
+ if ! curl "${curl_opts[@]}" &> "${MMS_LOG_DIR}/agent-launcher-script.log"; then
+ script_log "Error while downloading the Mongodb agent"
+ cat "${MMS_LOG_DIR}/agent-launcher-script.log" | json_log 'agent-launcher-script'
+ exit 1
+ fi
+
+ script_log "The Mongodb Agent binary downloaded, unpacking"
+ tar -xzf automation-agent.tar.gz
+ AGENT_VERSION=$(find . -name mongodb-mms-automation-agent-* | awk -F"-" '{ print $5 }')
+ echo "${AGENT_VERSION}" > "${MMS_HOME}/files/agent-version"
+ mv mongodb-mms-automation-agent-*/mongodb-mms-automation-agent "${MMS_HOME}/files/"
+ chmod +x "${MMS_HOME}/files/mongodb-mms-automation-agent"
+ rm -rf automation-agent.tar.gz mongodb-mms-automation-agent-*.linux_x86_64
+ script_log "The Automation Agent was deployed at ${MMS_HOME}/files/mongodb-mms-automation-agent"
+ popd >/dev/null
+}
+#https://stackoverflow.com/a/4025065/614239
+compare_versions () {
+ if [[ $1 == $2 ]]
+ then
+ return 0
+ fi
+ local IFS=.
+ local i ver1=($1) ver2=($2)
+ # fill empty fields in ver1 with zeros
+ for ((i=${#ver1[@]}; i<${#ver2[@]}; i++))
+ do
+ ver1[i]=0
+ done
+ for ((i=0; i<${#ver1[@]}; i++))
+ do
+ if [[ -z ${ver2[i]} ]]
+ then
+ # fill empty fields in ver2 with zeros
+ ver2[i]=0
+ fi
+ if ((10#${ver1[i]} > 10#${ver2[i]}))
+ then
+ return 1
+ fi
+ if ((10#${ver1[i]} < 10#${ver2[i]}))
+ then
+ return 2
+ fi
+ done
+ return 0
+}
diff --git a/content/agent-launcher.sh b/content/agent-launcher.sh
new file mode 100755
index 0000000..e318a37
--- /dev/null
+++ b/content/agent-launcher.sh
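Review bot: `download_agent` unpacks and installs the downloaded agent binary with no integrity check, and when `SSL_REQUIRE_VALID_MMS_CERTIFICATES` is `false` it adds `--insecure`, so in that mode the archive that ends up as `${MMS_HOME}/files/mongodb-mms-automation-agent` is not authenticated at all. At minimum make that mode visible, e.g. add `script_log "WARNING: TLS certificate validation is disabled for the agent download"` inside the `--insecure` branch, and consider checking the archive against an operator-supplied digest with `sha256sum -c` before `tar -xzf`. Separately, the `else` branch of `json_log` runs `echo "$1"`, which prints the log type and never reads stdin, so whenever `jq` is not on the PATH every piped message is dropped; the Dockerfile in this patch does not install `jq`, so `cat` would be the safer fallback there.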
@@ -0,0 +1,124 @@
+#!/usr/bin/env bash
+set -o nounset
+set -o errexit
+set -o pipefail
+
+source "${MMS_HOME}/files/agent-launcher-lib.sh"
+
+# The path to the automation config file in case the agent is run in headless mode
+cluster_config_file="/var/lib/mongodb-automation/cluster-config.json"
+
+# file required by Automation Agents of authentication is enabled.
+keyfile_dir="/var/lib/mongodb-mms-automation"
+mkdir -p ${keyfile_dir}
+touch "${keyfile_dir}/keyfile"
+chmod 600 "${keyfile_dir}/keyfile"
+
+ensure_certs_symlinks
+
+# Ensure that the user has an entry in /etc/passwd
+current_uid=$(id -u)
+declare -r current_uid
+if ! grep -q "${current_uid}" /etc/passwd ; then
+ # Adding it here to avoid panics in the automation agent
+ sed -e "s/^mongodb:/builder:/" /etc/passwd > /tmp/passwd
+ echo "mongodb:x:$(id -u):$(id -g):,,,:/mongodb-automation:/bin/bash" >> /tmp/passwd
+ export LD_PRELOAD=libnss_wrapper.so
+ export NSS_WRAPPER_PASSWD=/tmp/passwd
+ export NSS_WRAPPER_GROUP=/etc/group
+fi
+
+# Create a symlink, after the volumes have been mounted
+# If the journal directory already exists (this could be the migration of the existing MongoDB database) - we need
+# to copy it to the correct location first and remove a directory
+if [[ -d /data/journal ]] && [[ ! -L /data/journal ]]; then
+ script_log "The journal directory /data/journal already exists - moving its content to /journal"
+ if [[ $(ls -1 /data/journal | wc -l) -gt 0 ]]; then
+ mv /data/journal/* /journal
+ fi
+ rm -rf /data/journal
+fi
+
+ln -sf /journal /data/
+script_log "Created symlink: /data/journal -> $(readlink -f /data/journal)"
+
+# If it is a migration of the existing MongoDB - then there could be a mongodb.log in a default location -
+# let's try to copy it to a new directory
+if [[ -f /data/mongodb.log ]] && [[ ! -f "${MMS_LOG_DIR}/mongodb.log" ]]; then
+ script_log "The mongodb log file /data/mongodb.log already exists - moving it to ${MMS_LOG_DIR}"
+ mv /data/mongodb.log ${MMS_LOG_DIR}
+fi
+
+base_url="${BASE_URL-}" # If unassigned, set to empty string to avoid set-u errors
+base_url="${base_url%/}" # Remove any accidentally defined trailing slashes
+declare -r base_url
+
+# Download the Automation Agent from Ops Manager
+# Note, that it will be skipped if the agent is supposed to be run in headless mode
+if [[ -n "${base_url}" ]]; then
+ download_agent
+fi
+AGENT_VERSION="$(cat ${MMS_HOME}/files/agent-version)"
+
+# Start the Automation Agent
+agentOpts=(
+ "-mmsGroupId" "${GROUP_ID-}"
+ "-pidfilepath" "${MMS_HOME}/mongodb-mms-automation-agent.pid"
+ "-maxLogFileDurationHrs" "24"
+ "-logLevel" "${LOG_LEVEL:-INFO}"
+ "-logFile" "${MMS_LOG_DIR}/automation-agent.log"
+)
+script_log "Automation Agent version: ${AGENT_VERSION}"
+
+# this is the version of Automation Agent which has fixes for health file bugs
+set +e
+compare_versions "${AGENT_VERSION}" 10.2.3.5866-1
+if [[ $? -le 1 ]]; then
+ agentOpts+=("-healthCheckFilePath" "${MMS_LOG_DIR}/agent-health-status.json")
+fi
+set -e
+
+if [[ -n "${base_url}" ]]; then
+ agentOpts+=("-mmsBaseUrl" "${base_url}")
+else
+ agentOpts+=("-cluster" "${cluster_config_file}")
+ # we need to open the web server on localhost even though we don't use it - otherwise Agent doesn't
+ # produce status information at all (we need it in health file)
+ agentOpts+=("-serveStatusPort" "5000")
+ script_log "Mongodb Agent is configured to run in \"headless\" mode using local config file"
+fi
+
+if [[ -n "${HTTP_PROXY-}" ]]; then
+ agentOpts+=("-httpProxy" "${HTTP_PROXY}")
+fi
+
+if [[ -n "${SSL_TRUSTED_MMS_SERVER_CERTIFICATE-}" ]]; then
+ agentOpts+=("-sslTrustedMMSServerCertificate" "${SSL_TRUSTED_MMS_SERVER_CERTIFICATE}")
+fi
+
+if [[ "${SSL_REQUIRE_VALID_MMS_CERTIFICATES-}" != "false" ]]; then
+ # Only set this option when valid certs are required. The default is false
+ agentOpts+=("-sslRequireValidMMSServerCertificates")
+fi
+
+script_log "Launching automation agent with following arguments: ${agentOpts[*]} -mmsApiKey ${AGENT_API_KEY+}"
+
+agentOpts+=("-mmsApiKey" "${AGENT_API_KEY-}")
+
+# Note, that we do logging in subshell - this allows us to save the сorrect PID to variable (not the logging one)
+"${MMS_HOME}/files/mongodb-mms-automation-agent" "${agentOpts[@]}" 2>> "${MMS_LOG_DIR}/automation-agent-stderr.log" > >(json_log "automation-agent-stdout") &
+agentPid=$!
+
+trap cleanup SIGTERM
+
+# Note that we don't care about orphan processes as they will die together with container in case of any troubles
+# tail's -F flag is equivalent to --follow=name --retry. Should we track log rotation events?
+AGENT_VERBOSE_LOG="${MMS_LOG_DIR}/automation-agent-verbose.log" && touch "${AGENT_VERBOSE_LOG}"
+AGENT_STDERR_LOG="${MMS_LOG_DIR}/automation-agent-stderr.log" && touch "${AGENT_STDERR_LOG}"
+MONGODB_LOG="${MMS_LOG_DIR}/mongodb.log" && touch "${MONGODB_LOG}"
+
+tail -F "${AGENT_VERBOSE_LOG}" 2> /dev/null | json_log 'automation-agent-verbose' &
+tail -F "${AGENT_STDERR_LOG}" 2> /dev/null | json_log 'automation-agent-stderr' &
+tail -F "${MONGODB_LOG}" 2> /dev/null | json_log 'mongodb' &
+
+wait
diff --git a/content/epel.repo b/content/epel.repo
new file mode 100644
index 0000000..62eaaab
--- /dev/null
+++ b/content/epel.repo
@@ -0,0 +1,8 @@
+[epel]
+name=Extra Packages for Enterprise Linux 7 - $basearch
+#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
+mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
+failovermethod=priority
+enabled=1
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
diff --git a/content/probe.sh b/content/probe.sh
new file mode 100755
index 0000000..15e8241
--- /dev/null
+++ b/content/probe.sh
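Review bot: In agent-launcher.sh the passwd check `grep -q "${current_uid}" /etc/passwd` matches the UID as a substring anywhere on a line (a GID, a longer UID, part of a path), so the nss_wrapper entry can be skipped for a UID that has no passwd record. Look the UID up as a field instead, e.g. `if ! getent passwd "${current_uid}" >/dev/null; then`. It is also worth a comment next to `agentOpts+=("-mmsApiKey" "${AGENT_API_KEY-}")`: the log line leaves the key out, but it is still passed in argv and is readable through `/proc/<pid>/cmdline` by other processes in the same PID namespace.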
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+agent_pid=/mongodb-automation/mongodb-mms-automation-agent.pid
+
+check_agent_pid () {
+ # the agent PID must exists always
+ # it it does not exists, we assume it is being updated
+ # so we have a failure threshold of a few minutes.
+ [ -f $agent_pid ]
+}
+
+baby_container () {
+ # returns 0 if host's uptime is less than 1 hour
+ # To check if container uptime is less than 1 hour,
+ # we check for how long the pid1 process has
+ # been running.
+ pid1_alive_secs=$(ps -o etimes= -p 1)
+ pid1_alive_mins=$((pid1_alive_secs / 60))
+
+ [ $pid1_alive_mins -lt 60 ]
+}
+
+check_mongod_alive () {
+ pgrep --exact 'mongod'
+}
+
+check_mongos_alive () {
+ pgrep --exact 'mongos'
+}
+
+check_mongo_process_alive () {
+ # the mongod process pid might not always exist
+ # 1. when the container is being created the mongod package needs to be
+ # downloaded. the agent will wait for 1 hour before giving up.
+ # 2. the mongod process might be getting updated, we'll set a
+ # failureThreshold on the livenessProbe to a few minutes before we
+ # give up.
+
+ baby_container || check_mongod_alive || check_mongos_alive
+}
+
+check_agent_pid && check_mongo_process_alive
diff --git a/download.json b/download.json
new file mode 100755
index 0000000..d48a54f
--- /dev/null
+++ b/download.json
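Review bot: `check_agent_pid` only tests that the pid file exists (`[ -f $agent_pid ]`), so a stale file left behind by a crashed agent keeps the probe passing. Check that the recorded process is alive as well, e.g. `[ -f "$agent_pid" ] && kill -0 "$(cat "$agent_pid")" 2>/dev/null`. In addition, `baby_container` makes `check_mongo_process_alive` succeed unconditionally for the first hour of PID 1's lifetime; the inline comments say this is intended, but a header comment on the script should state it so a passing probe is not read as proof that mongod is running.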
@@ -0,0 +1,21 @@ +{ + "resources": [ + { + "url": "https://downloads.mongodb.com/linux/mongodb-linux-x86_64-enterprise-rhel70-4.2.2.tgz", + "filename": "mongodb-linux-x86_64-enterprise-rhel70-4.2.2.tgz", + "validation": { + "type": "sha256", + "value": "53ca0c0b9b08925da359b43f6e399726d96bf87d92b29b2f258ed6201edaccaf" + } + }, + { + "url": "https://s3.amazonaws.com/mciuploads/mms-automation/mongodb-mms-build-agent/builds/automation-agent/prod/mongodb-mms-automation-agent-10.2.15.5958-1.linux_x86_64.tar.gz", + "filename": "mongodb-mms-automation-agent-10.2.15.5958-1.linux_x86_64.tar.gz", + "validation": { + "type": "sha256", + "value": "a9e1fb56a9fb517ff7eea3966ac3d8cf8343ee293acdd10dbe5bf475262d7def" + } + } + ] +} + -- GitLab From d54bfcdc16e1edb1dd3eb763f04a49d79cdc2267 Mon Sep 17 00:00:00 2001 From: Anton Lisovenko Date: Fri, 31 Jul 2020 14:35:41 +0100 Subject: [PATCH 2/5] Using base image to get binaries (MDB and the agent) instead of downloading the tar files --- Dockerfile | 57 +++---------- content/RPM-GPG-KEY-EPEL-7 | 29 ------- content/agent-launcher-lib.sh | 146 ---------------------------------- content/agent-launcher.sh | 124 ----------------------------- content/epel.repo | 8 -- content/probe.sh | 42 ---------- download.json | 21 ----- 7 files changed, 9 insertions(+), 418 deletions(-) delete mode 100644 content/RPM-GPG-KEY-EPEL-7 delete mode 100755 content/agent-launcher-lib.sh delete mode 100755 content/agent-launcher.sh delete mode 100644 content/epel.repo delete mode 100755 content/probe.sh delete mode 100755 download.json diff --git a/Dockerfile b/Dockerfile index 803c9b3..4c00a63 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,6 +3,9 @@ ARG BASE_REGISTRY=nexus-docker-secure.levelup-nexus.svc.cluster.local:18082 ARG BASE_IMAGE=redhat/ubi/ubi7 ARG BASE_TAG=7.8 +ARG VERSION=10.2.15.5958-1 + +FROM quay.io/mongodb/mongodb-enterprise-appdb:${VERSION} as official FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} 
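Review bot: The new `official` stage is pulled from `quay.io/mongodb/mongodb-enterprise-appdb:${VERSION}` by tag only, while the same patch deletes `download.json`, whose entries pinned the MongoDB and agent tarballs by sha256. The binaries copied out of that stage therefore no longer have any content pin, and a registry tag can be re-pointed after review. Pin the stage by digest, e.g. `FROM quay.io/mongodb/mongodb-enterprise-appdb:${VERSION}@sha256:<digest-of-the-vetted-image> AS official`. This stage also bypasses `BASE_REGISTRY`, so it is pulled straight from the public registry rather than through the mirror used for the final stage.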
@@ -10,70 +13,29 @@ ENV MMS_HOME /mongodb-automation ENV MMS_LOG_DIR /var/log/mongodb-mms-automation ENV MDB_DIR /var/lib/mongodb-mms-automation/downloads -ARG MDB_TARBALL=mongodb-linux-x86_64-enterprise-rhel70-4.2.2.tgz -ARG AA_TARBALL=mongodb-mms-automation-agent-10.2.15.5958-1.linux_x86_64.tar.gz -ARG AA_VERSION=10.2.15.5958-1 LABEL name="MongoDB Enterprise AppDB" \ - version="${AA_VERSION}" \ + version="${VERSION}" \ summary="MongoDB Enterprise AppDB" \ description="MongoDB Enterprise AppDB" \ vendor="MongoDB" \ release="1" \ maintainer="support@mongodb.com" -RUN mkdir -p /licenses -COPY LICENSE /licenses/mongodb-enterprise-database - RUN yum update -y && yum install \ - curl \ - cyrus-sasl \ - cyrus-sasl-gssapi \ - cyrus-sasl-plain \ - krb5-libs \ - libcurl \ libpcap \ lm_sensors-libs \ net-snmp \ net-snmp-agent-libs \ - openldap \ - openssl \ rpm-libs \ tcp_wrappers-libs \ nss_wrapper; \ - yum clean all - -RUN ln -s /usr/lib64/libsasl2.so.3 /usr/lib64/libsasl2.so.2 - -RUN mkdir -p "${MMS_HOME}/files/" - -# TODO: remove once database is using init container -COPY content/ "${MMS_HOME}/files/" - -# Download and extract the MongoDB archive and put it where the automation agent expects to find it. -# So an AppDB agent will download MongoDB from the internet only if the version does not match the version we have put inside the container. 
-COPY ${MDB_TARBALL} mongodb.tgz -RUN tar -xzf mongodb.tgz \ - && rm mongodb.tgz \ - && mkdir -p "${MDB_DIR}" \ - # We need to strip the binary name from its tgz extension - && mv mongodb-linux-* "${MDB_DIR}" \ - && chmod -R 0775 "${MDB_DIR}" - -# Download the latest Automation Agent binary - -COPY ${AA_TARBALL} automation-agent.tar.gz -RUN tar -xzf automation-agent.tar.gz \ - && mv mongodb-mms-automation-agent-*/mongodb-mms-automation-agent "${MMS_HOME}/files/" \ - && chmod +x "${MMS_HOME}/files/mongodb-mms-automation-agent" \ - && rm -rf automation-agent.tar.gz "mongodb-mms-automation-agent-*/" - - # would prefer to have specific versions instead of * - # && mv "./mongodb-mms-automation-agent-${AA_VERSION}.linux_x86_64/mongodb-mms-automation-agent" "${MMS_HOME}/files/" \ - # && rm -rf automation-agent.tar.gz "mongodb-mms-automation-agent-${AA_VERSION}.linux_x86_64/" + yum clean all; \ + ln -s /usr/lib64/libsasl2.so.3 /usr/lib64/libsasl2.so.2 -# Remove when we move to init appdb -RUN echo "${AA_VERSION}" > "${MMS_HOME}/files/agent-version" +COPY --from=official ${MDB_DIR} ${MDB_DIR}/ +COPY --from=official ${MMS_HOME} ${MMS_HOME}/ +COPY --from=official /licenses/* /licenses/ # Set the required perms RUN mkdir -p "${MMS_LOG_DIR}" \ @@ -92,7 +54,6 @@ RUN mkdir -p "${MMS_LOG_DIR}" \ # and the number in this configuration is not relevant. USER 2000 -# TODO: make entrypoint be a sleep infinity once MDB is using init container ENTRYPOINT ["/mongodb-automation/files/agent-launcher.sh"] HEALTHCHECK --timeout=30s CMD ls /mongodb-automation/files/agent-launcher.sh || exit 1 diff --git a/content/RPM-GPG-KEY-EPEL-7 b/content/RPM-GPG-KEY-EPEL-7 deleted file mode 100644 index f205ede..0000000 --- a/content/RPM-GPG-KEY-EPEL-7 +++ /dev/null 
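Review bot: `version="${VERSION}"` in the `LABEL` will expand to an empty string, because `ARG VERSION` is declared before the first `FROM` and such arguments are only in scope for `FROM` lines. Redeclare it inside the final stage by adding a bare `ARG VERSION` after `FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}`; that line is context outside this hunk. The removed `ARG AA_VERSION` did not have this problem since it was declared inside the stage.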
@@ -1,29 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1.4.11 (GNU/Linux) - -mQINBFKuaIQBEAC1UphXwMqCAarPUH/ZsOFslabeTVO2pDk5YnO96f+rgZB7xArB -OSeQk7B90iqSJ85/c72OAn4OXYvT63gfCeXpJs5M7emXkPsNQWWSju99lW+AqSNm -jYWhmRlLRGl0OO7gIwj776dIXvcMNFlzSPj00N2xAqjMbjlnV2n2abAE5gq6VpqP -vFXVyfrVa/ualogDVmf6h2t4Rdpifq8qTHsHFU3xpCz+T6/dGWKGQ42ZQfTaLnDM -jToAsmY0AyevkIbX6iZVtzGvanYpPcWW4X0RDPcpqfFNZk643xI4lsZ+Y2Er9Yu5 -S/8x0ly+tmmIokaE0wwbdUu740YTZjCesroYWiRg5zuQ2xfKxJoV5E+Eh+tYwGDJ -n6HfWhRgnudRRwvuJ45ztYVtKulKw8QQpd2STWrcQQDJaRWmnMooX/PATTjCBExB -9dkz38Druvk7IkHMtsIqlkAOQMdsX1d3Tov6BE2XDjIG0zFxLduJGbVwc/6rIc95 -T055j36Ez0HrjxdpTGOOHxRqMK5m9flFbaxxtDnS7w77WqzW7HjFrD0VeTx2vnjj -GqchHEQpfDpFOzb8LTFhgYidyRNUflQY35WLOzLNV+pV3eQ3Jg11UFwelSNLqfQf -uFRGc+zcwkNjHh5yPvm9odR1BIfqJ6sKGPGbtPNXo7ERMRypWyRz0zi0twARAQAB -tChGZWRvcmEgRVBFTCAoNykgPGVwZWxAZmVkb3JhcHJvamVjdC5vcmc+iQI4BBMB -AgAiBQJSrmiEAhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBqL66iNSxk -5cfGD/4spqpsTjtDM7qpytKLHKruZtvuWiqt5RfvT9ww9GUUFMZ4ZZGX4nUXg49q -ixDLayWR8ddG/s5kyOi3C0uX/6inzaYyRg+Bh70brqKUK14F1BrrPi29eaKfG+Gu -MFtXdBG2a7OtPmw3yuKmq9Epv6B0mP6E5KSdvSRSqJWtGcA6wRS/wDzXJENHp5re -9Ism3CYydpy0GLRA5wo4fPB5uLdUhLEUDvh2KK//fMjja3o0L+SNz8N0aDZyn5Ax -CU9RB3EHcTecFgoy5umRj99BZrebR1NO+4gBrivIfdvD4fJNfNBHXwhSH9ACGCNv -HnXVjHQF9iHWApKkRIeh8Fr2n5dtfJEF7SEX8GbX7FbsWo29kXMrVgNqHNyDnfAB -VoPubgQdtJZJkVZAkaHrMu8AytwT62Q4eNqmJI1aWbZQNI5jWYqc6RKuCK6/F99q -thFT9gJO17+yRuL6Uv2/vgzVR1RGdwVLKwlUjGPAjYflpCQwWMAASxiv9uPyYPHc -ErSrbRG0wjIfAR3vus1OSOx3xZHZpXFfmQTsDP7zVROLzV98R3JwFAxJ4/xqeON4 -vCPFU6OsT3lWQ8w7il5ohY95wmujfr6lk89kEzJdOTzcn7DBbUru33CQMGKZ3Evt -RjsC7FDbL017qxS+ZVA/HGkyfiu4cpgV8VUnbql5eAZ+1Ll6Dw== -=hdPa ------END PGP PUBLIC KEY BLOCK----- diff --git a/content/agent-launcher-lib.sh b/content/agent-launcher-lib.sh deleted file mode 100755 index 1afeca6..0000000 --- a/content/agent-launcher-lib.sh +++ /dev/null 
@@ -1,146 +0,0 @@ -#!/usr/bin/env bash - -# This is a file containing all the functions which may be needed for other shell scripts - -# see if jq is available for json logging -use_jq="$(command -v jq)" - -# log stdout as structured json with given log type -json_log () { - if [ "$use_jq" ]; then - jq --unbuffered --null-input -c --raw-input "inputs | {\"logType\": \"$1\", \"contents\": .}"; - else - echo "$1" - fi -} - -# log a given message in json format -script_log () { - echo "$1" | json_log 'agent-launcher-script' -} - -# the function reacting on SIGTERM command sent by the container on its shutdown. Makes sure all processes started (including -# mongodb) receive the signal. For MongoDB this results in graceful shutdown of replication (starting from 4.0.9) which may -# take some time. The script waits for all the processes to finish, otherwise the container would terminate as Kubernetes -# waits only for the process with pid #1 to end -cleanup () { - # Important! Keep this in sync with DefaultPodTerminationPeriodSeconds constant from constants.go - termination_timeout_seconds=600 - - script_log "Caught SIGTERM signal. Passing the signal to the automation agent and the mongod processes." - - kill -15 "$agentPid" - wait "$agentPid" - - mongoPid="$(cat /data/mongod.lock)" - kill -15 "$mongoPid" - - script_log "Waiting until mongod process is shutdown. Note, that if mongod process fails to shutdown in the time specified by the 'terminationGracePeriodSeconds' property (default $termination_timeout_seconds seconds) then the container will be killed by Kubernetes." - - # dev note: we cannot use 'wait' for the external processes, seems the spinning loop is the best option - while [ -e "/proc/$mongoPid" ]; do sleep 0.1; done - - script_log "Mongod and automation agent processes are shutdown" -} - -# ensure_certs_symlinks function checks if certificates and CAs are mounted and creates symlinks to them -ensure_certs_symlinks () { - # the paths inside the pod. 
Move to parameters if multiple usage is needed - secrets_dir="/var/lib/mongodb-automation/secrets" - custom_ca_dir="${secrets_dir}/ca" - pod_secrets_dir="/mongodb-automation" - - if [ -d "${secrets_dir}/certs" ]; then - script_log "Found certificates in the host, will symlink to where the automation agent expects them to be" - podname=$(hostname) - - if [ ! -f "${secrets_dir}/certs/${podname}-pem" ]; then - script_log "PEM Certificate file does not exist in ${secrets_dir}/certs/${podname}-pem. Check the Secret object with certificates is well formed." - exit 1 - fi - - ln -s "${secrets_dir}/certs/${podname}-pem" "${pod_secrets_dir}/server.pem" - fi - - if [ -d "${custom_ca_dir}" ]; then - if [ -f "${custom_ca_dir}/ca-pem" ]; then - script_log "Using CA file provided by user" - ln -s "${custom_ca_dir}/ca-pem" "${pod_secrets_dir}/ca.pem" - else - script_log "Could not find CA file. The name of the entry on the Secret object should be 'ca-pem'" - exit 1 - fi - else - script_log "Using Kubernetes CA file" - ln -s "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" "${pod_secrets_dir}/ca.pem" - fi -} - -# download_agent function downloads and unpacks the Mongodb Agent -download_agent () { - script_log "Downloading a Mongodb Agent from ${base_url}" - pushd /tmp >/dev/null - - curl_opts=( - "${base_url}/download/agent/automation/mongodb-mms-automation-agent-latest.linux_x86_64.tar.gz" - "--location" "--silent" "--retry" "3" "--fail" "-v" - "--output" "automation-agent.tar.gz" - ) - - if [ "${SSL_REQUIRE_VALID_MMS_CERTIFICATES-}" = "false" ]; then - # If we are not expecting valid certs, `curl` should be run with `--insecure` option. - # The default is NOT to accept insecure connections. - curl_opts+=("--insecure") - fi - - if [ -n "${SSL_TRUSTED_MMS_SERVER_CERTIFICATE-}" ]; then - curl_opts+=("--cacert" "${SSL_TRUSTED_MMS_SERVER_CERTIFICATE}") - fi - - if ! 
curl "${curl_opts[@]}" &> "${MMS_LOG_DIR}/agent-launcher-script.log"; then - script_log "Error while downloading the Mongodb agent" - cat "${MMS_LOG_DIR}/agent-launcher-script.log" | json_log 'agent-launcher-script' - exit 1 - fi - - script_log "The Mongodb Agent binary downloaded, unpacking" - tar -xzf automation-agent.tar.gz - AGENT_VERSION=$(find . -name mongodb-mms-automation-agent-* | awk -F"-" '{ print $5 }') - echo "${AGENT_VERSION}" > "${MMS_HOME}/files/agent-version" - mv mongodb-mms-automation-agent-*/mongodb-mms-automation-agent "${MMS_HOME}/files/" - chmod +x "${MMS_HOME}/files/mongodb-mms-automation-agent" - rm -rf automation-agent.tar.gz mongodb-mms-automation-agent-*.linux_x86_64 - script_log "The Automation Agent was deployed at ${MMS_HOME}/files/mongodb-mms-automation-agent" - popd >/dev/null -} -#https://stackoverflow.com/a/4025065/614239 -compare_versions () { - if [[ $1 == $2 ]] - then - return 0 - fi - local IFS=. - local i ver1=($1) ver2=($2) - # fill empty fields in ver1 with zeros - for ((i=${#ver1[@]}; i<${#ver2[@]}; i++)) - do - ver1[i]=0 - done - for ((i=0; i<${#ver1[@]}; i++)) - do - if [[ -z ${ver2[i]} ]] - then - # fill empty fields in ver2 with zeros - ver2[i]=0 - fi - if ((10#${ver1[i]} > 10#${ver2[i]})) - then - return 1 - fi - if ((10#${ver1[i]} < 10#${ver2[i]})) - then - return 2 - fi - done - return 0 -} diff --git a/content/agent-launcher.sh b/content/agent-launcher.sh deleted file mode 100755 index e318a37..0000000 --- a/content/agent-launcher.sh +++ /dev/null 
@@ -1,124 +0,0 @@ -#!/usr/bin/env bash -set -o nounset -set -o errexit -set -o pipefail - -source "${MMS_HOME}/files/agent-launcher-lib.sh" - -# The path to the automation config file in case the agent is run in headless mode -cluster_config_file="/var/lib/mongodb-automation/cluster-config.json" - -# file required by Automation Agents of authentication is enabled. -keyfile_dir="/var/lib/mongodb-mms-automation" -mkdir -p ${keyfile_dir} -touch "${keyfile_dir}/keyfile" -chmod 600 "${keyfile_dir}/keyfile" - -ensure_certs_symlinks - -# Ensure that the user has an entry in /etc/passwd -current_uid=$(id -u) -declare -r current_uid -if ! grep -q "${current_uid}" /etc/passwd ; then - # Adding it here to avoid panics in the automation agent - sed -e "s/^mongodb:/builder:/" /etc/passwd > /tmp/passwd - echo "mongodb:x:$(id -u):$(id -g):,,,:/mongodb-automation:/bin/bash" >> /tmp/passwd - export LD_PRELOAD=libnss_wrapper.so - export NSS_WRAPPER_PASSWD=/tmp/passwd - export NSS_WRAPPER_GROUP=/etc/group -fi - -# Create a symlink, after the volumes have been mounted -# If the journal directory already exists (this could be the migration of the existing MongoDB database) - we need -# to copy it to the correct location first and remove a directory -if [[ -d /data/journal ]] && [[ ! -L /data/journal ]]; then - script_log "The journal directory /data/journal already exists - moving its content to /journal" - if [[ $(ls -1 /data/journal | wc -l) -gt 0 ]]; then - mv /data/journal/* /journal - fi - rm -rf /data/journal -fi - -ln -sf /journal /data/ -script_log "Created symlink: /data/journal -> $(readlink -f /data/journal)" - -# If it is a migration of the existing MongoDB - then there could be a mongodb.log in a default location - -# let's try to copy it to a new directory -if [[ -f /data/mongodb.log ]] && [[ ! 
-f "${MMS_LOG_DIR}/mongodb.log" ]]; then - script_log "The mongodb log file /data/mongodb.log already exists - moving it to ${MMS_LOG_DIR}" - mv /data/mongodb.log ${MMS_LOG_DIR} -fi - -base_url="${BASE_URL-}" # If unassigned, set to empty string to avoid set-u errors -base_url="${base_url%/}" # Remove any accidentally defined trailing slashes -declare -r base_url - -# Download the Automation Agent from Ops Manager -# Note, that it will be skipped if the agent is supposed to be run in headless mode -if [[ -n "${base_url}" ]]; then - download_agent -fi -AGENT_VERSION="$(cat ${MMS_HOME}/files/agent-version)" - -# Start the Automation Agent -agentOpts=( - "-mmsGroupId" "${GROUP_ID-}" - "-pidfilepath" "${MMS_HOME}/mongodb-mms-automation-agent.pid" - "-maxLogFileDurationHrs" "24" - "-logLevel" "${LOG_LEVEL:-INFO}" - "-logFile" "${MMS_LOG_DIR}/automation-agent.log" -) -script_log "Automation Agent version: ${AGENT_VERSION}" - -# this is the version of Automation Agent which has fixes for health file bugs -set +e -compare_versions "${AGENT_VERSION}" 10.2.3.5866-1 -if [[ $? -le 1 ]]; then - agentOpts+=("-healthCheckFilePath" "${MMS_LOG_DIR}/agent-health-status.json") -fi -set -e - -if [[ -n "${base_url}" ]]; then - agentOpts+=("-mmsBaseUrl" "${base_url}") -else - agentOpts+=("-cluster" "${cluster_config_file}") - # we need to open the web server on localhost even though we don't use it - otherwise Agent doesn't - # produce status information at all (we need it in health file) - agentOpts+=("-serveStatusPort" "5000") - script_log "Mongodb Agent is configured to run in \"headless\" mode using local config file" -fi - -if [[ -n "${HTTP_PROXY-}" ]]; then - agentOpts+=("-httpProxy" "${HTTP_PROXY}") -fi - -if [[ -n "${SSL_TRUSTED_MMS_SERVER_CERTIFICATE-}" ]]; then - agentOpts+=("-sslTrustedMMSServerCertificate" "${SSL_TRUSTED_MMS_SERVER_CERTIFICATE}") -fi - -if [[ "${SSL_REQUIRE_VALID_MMS_CERTIFICATES-}" != "false" ]]; then - # Only set this option when valid certs are required. 
The default is false - agentOpts+=("-sslRequireValidMMSServerCertificates") -fi - -script_log "Launching automation agent with following arguments: ${agentOpts[*]} -mmsApiKey ${AGENT_API_KEY+}" - -agentOpts+=("-mmsApiKey" "${AGENT_API_KEY-}") - -# Note, that we do logging in subshell - this allows us to save the сorrect PID to variable (not the logging one) -"${MMS_HOME}/files/mongodb-mms-automation-agent" "${agentOpts[@]}" 2>> "${MMS_LOG_DIR}/automation-agent-stderr.log" > >(json_log "automation-agent-stdout") & -agentPid=$! - -trap cleanup SIGTERM - -# Note that we don't care about orphan processes as they will die together with container in case of any troubles -# tail's -F flag is equivalent to --follow=name --retry. Should we track log rotation events? -AGENT_VERBOSE_LOG="${MMS_LOG_DIR}/automation-agent-verbose.log" && touch "${AGENT_VERBOSE_LOG}" -AGENT_STDERR_LOG="${MMS_LOG_DIR}/automation-agent-stderr.log" && touch "${AGENT_STDERR_LOG}" -MONGODB_LOG="${MMS_LOG_DIR}/mongodb.log" && touch "${MONGODB_LOG}" - -tail -F "${AGENT_VERBOSE_LOG}" 2> /dev/null | json_log 'automation-agent-verbose' & -tail -F "${AGENT_STDERR_LOG}" 2> /dev/null | json_log 'automation-agent-stderr' & -tail -F "${MONGODB_LOG}" 2> /dev/null | json_log 'mongodb' & - -wait diff --git a/content/epel.repo b/content/epel.repo deleted file mode 100644 index 62eaaab..0000000 --- a/content/epel.repo +++ /dev/null @@ -1,8 +0,0 @@ -[epel] -name=Extra Packages for Enterprise Linux 7 - $basearch -#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch -mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch -failovermethod=priority -enabled=1 -gpgcheck=1 -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 diff --git a/content/probe.sh b/content/probe.sh deleted file mode 100755 index 15e8241..0000000 --- a/content/probe.sh +++ /dev/null 
@@ -1,42 +0,0 @@
-#!/bin/bash
-
-agent_pid=/mongodb-automation/mongodb-mms-automation-agent.pid
-
-check_agent_pid () {
- # the agent PID must exists always
- # it it does not exists, we assume it is being updated
- # so we have a failure threshold of a few minutes.
- [ -f $agent_pid ]
-}
-
-baby_container () {
- # returns 0 if host's uptime is less than 1 hour
- # To check if container uptime is less than 1 hour,
- # we check for how long the pid1 process has
- # been running.
- pid1_alive_secs=$(ps -o etimes= -p 1)
- pid1_alive_mins=$((pid1_alive_secs / 60))
-
- [ $pid1_alive_mins -lt 60 ]
-}
-
-check_mongod_alive () {
- pgrep --exact 'mongod'
-}
-
-check_mongos_alive () {
- pgrep --exact 'mongos'
-}
-
-check_mongo_process_alive () {
- # the mongod process pid might not always exist
- # 1. when the container is being created the mongod package needs to be
- # downloaded. the agent will wait for 1 hour before giving up.
- # 2. the mongod process might be getting updated, we'll set a
- # failureThreshold on the livenessProbe to a few minutes before we
- # give up.
-
- baby_container || check_mongod_alive || check_mongos_alive
-}
-
-check_agent_pid && check_mongo_process_alive
diff --git a/download.json b/download.json
deleted file mode 100755
index d48a54f..0000000
--- a/download.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- "resources": [
- {
- "url": "https://downloads.mongodb.com/linux/mongodb-linux-x86_64-enterprise-rhel70-4.2.2.tgz",
- "filename": "mongodb-linux-x86_64-enterprise-rhel70-4.2.2.tgz",
- "validation": {
- "type": "sha256",
- "value": "53ca0c0b9b08925da359b43f6e399726d96bf87d92b29b2f258ed6201edaccaf"
- }
- },
- {
- "url": "https://s3.amazonaws.com/mciuploads/mms-automation/mongodb-mms-build-agent/builds/automation-agent/prod/mongodb-mms-automation-agent-10.2.15.5958-1.linux_x86_64.tar.gz",
- "filename": "mongodb-mms-automation-agent-10.2.15.5958-1.linux_x86_64.tar.gz",
- "validation": {
- "type": "sha256",
- "value": "a9e1fb56a9fb517ff7eea3966ac3d8cf8343ee293acdd10dbe5bf475262d7def"
- }
- }
- ]
-}
-
-- 
GitLab
From 67caa8fe7abe4eace672f46db663750268a54736 Mon Sep 17 00:00:00 2001
From: Anton Lisovenko
Date: Fri, 31 Jul 2020 15:48:51 +0100
Subject: [PATCH 3/5] download.json
---
 download.json | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 download.json
diff --git a/download.json b/download.json
new file mode 100644
index 0000000..05019bf
--- /dev/null
+++ b/download.json
@@ -0,0 +1,9 @@
+{
+ "resources": [
+ {
+ "url": "docker://quay.io/mongodb/mongodb-enterprise-appdb@sha256:6650dbd4cac6e08bd064407c178c73cf306e8f58bebe370f36aca33ff1c3e406",
+ "tag": "quay.io/mongodb/mongodb-enterprise-appdb:10.2.15.5958-1"
+ }
+ ]
+}
+
-- 
GitLab
From 23a7b4d40664fb7c0b088708e696aca4120782d3 Mon Sep 17 00:00:00 2001
From: "jonathan.janos@mongodb.com"
Date: Tue, 4 Aug 2020 14:02:54 -0400
Subject: [PATCH 4/5] modified Jenkinsfile per feedback
---
 Jenkinsfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Jenkinsfile b/Jenkinsfile
index 20beed0..1c5cc31 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -1,3 +1,3 @@
 @Library('DCCSCR@master') _
-dccscrPipeline(version: "1.5.3")
+dccscrPipeline(version: "10.2.15.5958-1")
-- 
GitLab
From f8cc89e88f358060aa81f1abe7562d7c9d96b398 Mon Sep 17 00:00:00 2001
From: "jonathan.janos@mongodb.com"
Date: Tue, 4 Aug 2020 18:23:13 -0400
Subject: [PATCH 5/5] Modified BASE_REGISTRY to registry1.dsop.io
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 4c00a63..71fcf16 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 # Dockerfile for AppDB Database Image.
-ARG BASE_REGISTRY=nexus-docker-secure.levelup-nexus.svc.cluster.local:18082
+ARG BASE_REGISTRY=registry1.dsop.io
 ARG BASE_IMAGE=redhat/ubi/ubi7
 ARG BASE_TAG=7.8
 ARG VERSION=10.2.15.5958-1
-- 
GitLab
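Review bot: The base image is still selected by the mutable tag `ARG BASE_TAG=7.8`, so pointing `BASE_REGISTRY` at `registry1.dsop.io` changes which registry's `7.8` the build starts from, and nothing in the Dockerfile asserts that the content is the expected one. Pinning a digest next to the tag would make the registry switch verifiable and the build reproducible, for example `ARG BASE_DIGEST=sha256:<digest-of-ubi7-7.8-on-registry1>` consumed as `FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}@${BASE_DIGEST}`. The `FROM` line lies outside this hunk, so this assumes it still composes the three ARGs the way the first patch of the series did. A one-line comment above `ARG BASE_REGISTRY` stating whether the default is meant to be overridden with `--build-arg` would also help the next reader judge how much trust rests on this value.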