From acd8063760df09d0edfbb052212fcc9bde91f0da Mon Sep 17 00:00:00 2001 From: "jonathan.janos@mongodb.com" Date: Sat, 20 Feb 2021 01:06:24 -0500 Subject: [PATCH 1/2] Updates for UBI8 and switch to hardening_manifest. --- Dockerfile | 50 ++++++++++++++++++++++++------------- Jenkinsfile | 3 --- README.md | 25 ++++++++++++------- download.json | 9 ------- hardening_manifest.yaml | 55 +++++++++++++++++++++++++++++++++++++++++ 5 files changed, 104 insertions(+), 38 deletions(-) delete mode 100644 Jenkinsfile delete mode 100644 download.json create mode 100644 hardening_manifest.yaml diff --git a/Dockerfile b/Dockerfile index 71fcf16..edd7bab 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,11 +1,11 @@ -# Dockerfile for AppDB Database Image. - +# +# Base Template Dockerfile for Database Image. +# ARG BASE_REGISTRY=registry1.dsop.io -ARG BASE_IMAGE=redhat/ubi/ubi7 -ARG BASE_TAG=7.8 -ARG VERSION=10.2.15.5958-1 +ARG BASE_IMAGE=redhat/ubi/ubi8 +ARG BASE_TAG=8.3 -FROM quay.io/mongodb/mongodb-enterprise-appdb:${VERSION} as official +FROM quay.io/mongodb/mongodb-enterprise-database-ubi:1.5.3 as official FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} 
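Review bot: The new `FROM quay.io/mongodb/mongodb-enterprise-database-ubi:1.5.3 as official` line refers to the upstream stage by tag only, and the version is now hard-coded instead of coming from the removed `ARG VERSION`. The sha256 digest for this image is pinned only in the `resources` entry of `hardening_manifest.yaml`, so a build run outside that offline context would take whatever the tag resolves to at that moment. A comment above the line would make the coupling explicit, for example `# Tag must match resources[].tag in hardening_manifest.yaml, which pins the image digest`. The header comment now reads "Base Template Dockerfile for Database Image" while the `LABEL name` in the next hunk still says "MongoDB Enterprise AppDB"; the two should be aligned.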
@@ -13,29 +13,44 @@ ENV MMS_HOME /mongodb-automation ENV MMS_LOG_DIR /var/log/mongodb-mms-automation ENV MDB_DIR /var/lib/mongodb-mms-automation/downloads +ARG AA_VERSION LABEL name="MongoDB Enterprise AppDB" \ - version="${VERSION}" \ + version="${AA_VERSION}" \ summary="MongoDB Enterprise AppDB" \ description="MongoDB Enterprise AppDB" \ vendor="MongoDB" \ release="1" \ maintainer="support@mongodb.com" -RUN yum update -y && yum install \ - libpcap \ +COPY LICENSE /licenses/mongodb-enterprise-database + +RUN yum update -y && rm -rf /var/cache/yum \ + # these are the packages needed for the agent + && yum install -y --disableplugin=subscription-manager \ + hostname \ + nss_wrapper --exclude perl-IO-Socket-SSL \ + procps \ + # these are the packages needed for MongoDB + # (https://docs.mongodb.com/manual/tutorial/install-mongodb-enterprise-on-red-hat-tarball/ "RHEL/CentOS 8" tab) + && yum install -y --disableplugin=subscription-manager \ + cyrus-sasl \ + cyrus-sasl-gssapi \ + cyrus-sasl-plain \ + krb5-libs \ + libcurl \ lm_sensors-libs \ net-snmp \ net-snmp-agent-libs \ - rpm-libs \ - tcp_wrappers-libs \ - nss_wrapper; \ - yum clean all; \ - ln -s /usr/lib64/libsasl2.so.3 /usr/lib64/libsasl2.so.2 + openldap \ + openssl \ + jq \ + # mongodb enterprise expects this library /usr/lib64/libsasl2.so.2 but + # cyrus-sasl creates it in /usr/lib64/libsasl2.so.3 instead + && ln -s /usr/lib64/libsasl2.so.3 /usr/lib64/libsasl2.so.2 -COPY --from=official ${MDB_DIR} ${MDB_DIR}/ -COPY --from=official ${MMS_HOME} ${MMS_HOME}/ -COPY --from=official /licenses/* /licenses/ +# Copy all the required scripts from the official database image +COPY --from=official "${MMS_HOME}" ${MMS_HOME}/ # Set the required perms RUN mkdir -p "${MMS_LOG_DIR}" \ 
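Review bot: `ARG AA_VERSION` is declared without a default, and the `args:` block added in `hardening_manifest.yaml` passes only `BASE_IMAGE` and `BASE_TAG`, so `version="${AA_VERSION}"` in the `LABEL` will presumably be empty unless the pipeline injects the value some other way. An empty version label weakens the image's provenance metadata for scanners and inventory tooling; either add `AA_VERSION: "<agent-version>"` under `args:` in the manifest or give the `ARG` a default. Separately, `rm -rf /var/cache/yum` now runs before the two `yum install` commands and the old `yum clean all` was dropped, so the package cache from the installs stays in the layer. Appending `&& yum clean all` after the `ln -s` would restore the cleanup.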
@@ -46,6 +61,7 @@ RUN mkdir -p "${MMS_LOG_DIR}" \ && chmod 0775 /data \ && mkdir -p /journal \ && chmod 0775 /journal \ + && mkdir -p "${MMS_HOME}" \ && chmod -R 0775 "${MMS_HOME}" # USER needs to be set for this image to pass RedHat verification. Some customers have these requirements as well diff --git a/Jenkinsfile b/Jenkinsfile deleted file mode 100644 index 1c5cc31..0000000 --- a/Jenkinsfile +++ /dev/null @@ -1,3 +0,0 @@ -@Library('DCCSCR@master') _ -dccscrPipeline(version: "10.2.15.5958-1") - diff --git a/README.md b/README.md index 7d4570a..c567529 100644 --- a/README.md +++ b/README.md 
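Review bot: In the Dockerfile hunk at `@@ -46,6 +61,7 @@`, the `chmod -R 0775 "${MMS_HOME}"` that follows the added `mkdir -p "${MMS_HOME}"` now applies to the scripts copied from the official image, leaving them group-writable, and nothing in the hunk says why. If group write is there for arbitrary-UID runs (an assumption; owner and group are set outside this hunk), a comment such as `# group-writable so the agent can run under an arbitrary UID in the root group` would record that. If it is not needed, `0755` on the scripts would keep them from being modified at runtime. The `mkdir -p` itself looks redundant after the `COPY` into `${MMS_HOME}/` in the previous hunk. The `RUN` instruction starts above this hunk.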
@@ -1,30 +1,37 @@ # Before You Begin # -**PRIOR TO UTILIZING THE MONGODB ENTERPRISE ADVANCED CONTAINER, CONTACT YOUR MONGODB SALES REPRESENTATIVE.** YOUR USE OF THE MONGODB ENTERPRISE SERVER IS SUBJECT TO THE TERMS AND CONDITIONS OF THE AGREEMENT BETWEEN USAF AND THE APPLICABLE RESELLER OF THE MONGODB ENTERPRISE SERVER. SUCH AGREEMENT INCORPORATES THE TERMS & CONDITIONS OF THE MONGODB ENTERPRISE ADVANCED LICENSE AGREEMENT, THE VERSION OF WHICH CURRENT AS OF SEPTEMBER 2020 IS SET FORTH BELOW. THE MONGODB ENTERPRISE ADVANCED LICENSE AGREEMENT IS SUBJECT TO AMENDMENT AND MODIFICATION FROM TIME TO TIME. +**PRIOR TO UTILIZING THE MONGODB ENTERPRISE ADVANCED CONTAINERS, CONTACT YOUR MONGODB SALES REPRESENTATIVE.** YOUR USE OF THE MONGODB ENTERPRISE SERVER IS SUBJECT TO THE TERMS AND CONDITIONS OF THE AGREEMENT BETWEEN USAF AND THE APPLICABLE RESELLER OF THE MONGODB ENTERPRISE SERVER. SUCH AGREEMENT INCORPORATES THE TERMS & CONDITIONS OF THE MONGODB ENTERPRISE ADVANCED LICENSE AGREEMENT, THE VERSION OF WHICH CURRENT AS OF SEPTEMBER 2020 IS SET FORTH BELOW. THE MONGODB ENTERPRISE ADVANCED LICENSE AGREEMENT IS SUBJECT TO AMENDMENT AND MODIFICATION FROM TIME TO TIME. # Contact Information # For licensing and technical information, please use the following contact information: -Anton Hoffman, EAE USAF -781-996-8860 -anton.hoffman@mongodb.com +Keegan Wetzel, EAE USAF +708-256-7904 +keegan.wetzel@mongodb.com Please also CC: publicsector@mongodb.com -# MongoDB Enterprise Ops Manager - AppDB # +# MongoDB Enterprise Kubernetes Operator # -Backing database for MongoDB Ops Manager. This container image is used exclusively by the MongoDB Enterprise Kubernetes Operator to deploy MongoDB Ops Manager to Kubernetes or OpenShift clusters. +The Mongo DB Enterprise Kubernetes Operator provides the necessary functionality to provision and manage MongoDB database deployments through Kubernetes and OpenShift. 
Supported deployment types include replica sets, sharded clusters, and standalone MongoDB instances. You provide the Operator with the specifications for your MongoDB clusters. The Operator uses this information to tell Kubernetes how to configure the clusters, including provisioning storage, setting up the network connections, and configuring other resources. + +The MongoDB Enterprise Kubernetes Operator works in conjunction with MongoDB Ops Manager, which must itself be deployed to the Kubernetes cluster or stood up separately. In addition to providing the necessary automation services, Ops Manager provides additional management capabilities such as metrics, monitoring, alerting, backups, performance optimization, and more. + +For more information about the MongoDB Enterprise Kubernetes Operator, please visit . For more information about MongoDB Ops Manager, please visit . Information about MongoDB can be found at . -## Documentation ## -Documentation for MongoDB Ops Manager is available at . +# Documentation # + +[MongoDB - Documentation Home Page](https://docs.mongodb.com/) + +[MongoDB Enterprise Kubernetes Operator](https://docs.mongodb.com/kubernetes-operator/master/) -Documentation for the MongoDB Enterprise Kubernetes Operator is available at . +[MongoDB Ops Manager](https://docs.opsmanager.mongodb.com/current/) diff --git a/download.json b/download.json deleted file mode 100644 index 05019bf..0000000 --- a/download.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "resources": [ - { - "url": "docker://quay.io/mongodb/mongodb-enterprise-appdb@sha256:6650dbd4cac6e08bd064407c178c73cf306e8f58bebe370f36aca33ff1c3e406", - "tag": "quay.io/mongodb/mongodb-enterprise-appdb:10.2.15.5958-1" - } - ] -} - diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml new file mode 100644 index 0000000..2db535b --- /dev/null +++ b/hardening_manifest.yaml 
@@ -0,0 +1,55 @@ +--- +apiVersion: v1 + +# The repository name in registry1, excluding /ironbank/ +name: "mongodb/mongodb-enterprise/mongodb-ops-manager-appdb" + +# List of tags to push for the repository in registry1 +# The most specific version should be the first tag and will be shown +# on ironbank.dsop.io +tags: +- "1.5.3" +- "latest" + +# Build args passed to Dockerfile ARGs +args: + BASE_IMAGE: "redhat/ubi/ubi8" + BASE_TAG: "8.3" + +# Docker image labels +labels: + org.opencontainers.image.title: "mongodb-enterprise-database" + ## Human-readable description of the software packaged in the image + org.opencontainers.image.description: "Base image for Ops Manager AppDB, used in conjunction with MongoDB Enterprise Kubernetes Operator" + ## License(s) under which contained software is distributed + org.opencontainers.image.licenses: "license" + ## URL to find more information on the image + org.opencontainers.image.url: "https://docs.mongodb.com/kubernetes-operator/stable/" + ## Name of the distributing entity, organization or individual + org.opencontainers.image.vendor: "MongoDB" + org.opencontainers.image.version: "1.5.3" + ## Keywords to help with search (ex. 
"cicd,gitops,golang") + mil.dso.ironbank.image.keywords: "mongodb,nosql,json,database" + ## This value can be "opensource" or "commercial" + mil.dso.ironbank.image.type: "commercial" + ## Product the image belongs to for grouping multiple images + mil.dso.ironbank.product.name: "mongodb-enterprise" + +# List of resources to make available to the offline build context +resources: +- tag: quay.io/mongodb/mongodb-enterprise-database-ubi:1.5.3 + url: docker://quay.io/mongodb/mongodb-enterprise-database-ubi@sha256:8f2734cea7fc31f829a0f8752be5bfd1c69b3d2e59e677bb23f685aac7f58eb9 + +# List of project maintainers +maintainers: +- email: "jonathan.janos@mongodb.com" + # The name of the current container owner + name: "Jonathan Janos" + # The gitlab username of the current container owner + username: "jonathan.janos" +- email: "klepal_alexander@bah.com" + name: "Alexander Klepal" + username: "alexander.klepal" + cht_member: true + + -- GitLab From 6122375aeaf0fe5916734fd6e668741f050b0cb0 Mon Sep 17 00:00:00 2001 From: "jonathan.janos@mongodb.com" Date: Sat, 20 Feb 2021 12:39:15 -0500 Subject: [PATCH 2/2] Updates for UBI8, and switch to hardening_manifest. --- hardening_manifest.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 2db535b..79088c9 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -18,7 +18,7 @@ args: # Docker image labels labels: - org.opencontainers.image.title: "mongodb-enterprise-database" + org.opencontainers.image.title: "mongodb-ops-manager-appdb" ## Human-readable description of the software packaged in the image org.opencontainers.image.description: "Base image for Ops Manager AppDB, used in conjunction with MongoDB Enterprise Kubernetes Operator" ## License(s) under which contained software is distributed -- GitLab
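Review bot: `org.opencontainers.image.licenses: "license"` in the new `hardening_manifest.yaml` is a placeholder rather than a license name, so the label tells consumers and compliance tooling nothing. The README in this same patch names the MongoDB Enterprise Advanced License Agreement, so `org.opencontainers.image.licenses: "MongoDB Enterprise Advanced License Agreement"` would be accurate (confirm the exact wording the registry expects). The `resources` entry is the one place the upstream image digest is pinned, and its `tag` and `url` values are the only unquoted strings in the file; quoting them matches the rest of the manifest. Publishing a `latest` tag alongside `1.5.3` also gives consumers a mutable reference, so a short comment steering deployments to the versioned tag would help.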