From 37a532e75290a4a7b53b809c6e05352d3bed2d49 Mon Sep 17 00:00:00 2001
From: bhearn
Date: Thu, 18 Feb 2021 17:09:27 -0700
Subject: [PATCH 1/2] update to 2.17.0
---
Dockerfile | 54 +++++++++++++++++++++++++++++++++--------
hardening_manifest.yaml | 10 ++++----
renovate.json | 3 +++
3 files changed, 52 insertions(+), 15 deletions(-)
create mode 100644 renovate.json
diff --git a/Dockerfile b/Dockerfile
index 0b50fc1..47e81a0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,30 +1,62 @@ -ARG BASE_REGISTRY=registry1.dsop.io +ARG BASE_REGISTRY=registry1.dso.mil ARG BASE_IMAGE=ironbank/redhat/openjdk/openjdk8 ARG BASE_TAG=1.8.0 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} -COPY apache-activemq-artemis.tar.gz /scripts/docker-run.sh opt/ +### +### upstream Dockerfile: https://github.com/apache/activemq-artemis/blob/master/artemis-docker/Dockerfile-centos +### # Make sure pipes are considered to determine success, see: https://github.com/hadolint/hadolint/wiki/DL4006 SHELL ["/bin/bash", "-o", "pipefail", "-c"] - WORKDIR /opt +# root user is needed to perform dnf upgrade/install USER root +# add user and group for artemis +# install libaio RUN groupadd -g 1001 -r artemis; \ useradd -r -u 1001 -g artemis artemis; \ dnf upgrade -y; \ - dnf install -y libaio --setopt=tsflags=nodocs; \ + dnf install -y --nodocs libaio; \ dnf clean all; \ - rm -rf /var/cache/dnf; \ - mkdir -p /opt/activemq-artemis; \ - tar -zxf apache-activemq-artemis.tar.gz --strip-components=1 -C /opt/activemq-artemis; \ - rm -f apache-activemq-artemis.tar.gz; \ - chmod +x docker-run.sh; \ + rm -rf /var/cache/dnf + +USER artemis + +# add artemis download and entrypoint script to opt/ +COPY activemq-artemis.tar.gz /scripts/docker-run.sh opt/ + +# Web Server +EXPOSE 8161 \ +# JMX Exporter + 9404 \ +# Port for CORE,MQTT,AMQP,HORNETQ,STOMP,OPENWIRE + 61616 \ +# Port for HORNETQ,STOMP + 5445 \ +# Port for AMQP + 5672 \ +# Port for MQTT + 1883 \ +#Port for STOMP + 61613 + +# root user is needed to untar +USER root + +# create directory for activemq-artemis +# untar the download to the correct location +# create directory and change ownership for artemis-instance +# change mode of entrypoint script to allow execution +RUN mkdir -p /opt/activemq-artemis; \ + tar -zxf activemq-artemis.tar.gz --strip-components=1 -C /opt/activemq-artemis; \ + rm -f activemq-artemis.tar.gz; \ mkdir /var/lib/artemis-instance; \ - chown -R artemis.artemis /var/lib/artemis-instance + chown -R 
artemis.artemis /var/lib/artemis-instance; \ + chmod +x docker-run.sh USER artemis @@ -36,9 +68,11 @@ EXPOSE 8161 \ 1883 \ 61613 +# Expose some outstanding folders (excluding VOLUME directive) WORKDIR /var/lib/artemis-instance ENTRYPOINT ["/opt/docker-run.sh"] CMD ["run"] +# add HEALTHCHECK for web server HEALTHCHECK CMD curl -f localhost:8161 || exit 1 \ No newline at end of file diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 45076ce..21a7aa2 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -8,7 +8,7 @@ name: "opensource/apache/active-mq-artemis" # The most specific version should be the first tag and will be shown # on ironbank.dsop.io tags: -- "2.16.0" +- "2.17.0" - "latest" # Build args passed to Dockerfile ARGs @@ -27,7 +27,7 @@ labels: org.opencontainers.image.url: "http://activemq.apache.org/components/artemis/" ## Name of the distributing entity, organization or individual org.opencontainers.image.vendor: "Apache" - org.opencontainers.image.version: "2.16.0" + org.opencontainers.image.version: "2.17.0" ## Keywords to help with search (ex. "cicd,gitops,golang") # mil.dso.ironbank.image.keywords: "FIXME" ## This value can be "opensource" or "commercial" 
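Review bot: The commands in both new `RUN` blocks of the `@@ -1,30 +1,62 @@` hunk are joined with `;`, so a failing `dnf upgrade`, `dnf install` or `tar -zxf` does not fail the build. Only the exit status of the last command in each block (`rm -rf /var/cache/dnf`, `chmod +x docker-run.sh`) is checked, and `-o pipefail` in `SHELL` covers pipelines only. An image could therefore be produced with unpatched packages or without the extracted broker. Joining the steps with `&&`, or opening each block with `RUN set -e; groupadd -g 1001 -r artemis; \` and `RUN set -e; mkdir -p /opt/activemq-artemis; \`, makes the first failure stop the build. The merged `RUN` in the `@@ -8,27 +8,38 @@` hunk of the second patch has the same chaining.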
@@ -37,11 +37,11 @@ labels: # List of resources to make available to the offline build context resources: -- filename: apache-activemq-artemis.tar.gz - url: https://downloads.apache.org/activemq/activemq-artemis/2.16.0/apache-artemis-2.16.0-bin.tar.gz +- filename: activemq-artemis.tar.gz + url: https://downloads.apache.org/activemq/activemq-artemis/2.17.0/apache-artemis-2.17.0-bin.tar.gz validation: type: sha512 - value: 4990a6b742b08bff6a4c7b310d2610565b08a2a02e1a7aec065460d16f8a6fe3d4fe91a8040839f93d7c2eab09fd6a79848fb130f9820559ee3e81dcf8d51ead + value: 1d0287d9c3b9c3f38d691174e9f64e98a9592987d6446bc05e5a13c35cb832a82ef1bebf278a98ccab0270e479ced4b2b93072e64bdf73b4a07a4a7091c2a25f # List of project maintainers # FIXME: Fill in the following details for the current container owner in the whitelist diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..46ecf84 --- /dev/null +++ b/renovate.json @@ -0,0 +1,3 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json" +} \ No newline at end of file -- GitLab From 1421afc5bcb644b616e21c0b87065a68dc803e0b Mon Sep 17 00:00:00 2001 From: bhearn Date: Fri, 19 Feb 2021 11:55:43 -0700 Subject: [PATCH 2/2] update for 2.17.0 --- Dockerfile | 48 ++++++++++++++++++------------------------------ README.md | 11 +++++++---- 2 files changed, 25 insertions(+), 34 deletions(-) diff --git a/Dockerfile b/Dockerfile index 47e81a0..13e080c 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -8,27 +8,38 @@ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} ### upstream Dockerfile: https://github.com/apache/activemq-artemis/blob/master/artemis-docker/Dockerfile-centos ### +# add artemis download and entrypoint script to opt/ +COPY activemq-artemis.tar.gz /scripts/docker-run.sh opt/ + # Make sure pipes are considered to determine success, see: https://github.com/hadolint/hadolint/wiki/DL4006 SHELL ["/bin/bash", "-o", "pipefail", "-c"] + WORKDIR /opt -# root user is needed to perform dnf upgrade/install +# root user is needed to perform dnf upgrade/install and untar USER root # add user and group for artemis # install libaio +# create directory for activemq-artemis +# untar the download to the correct location +# create directory and change ownership for artemis-instance +# change mode of entrypoint script to allow execution RUN groupadd -g 1001 -r artemis; \ useradd -r -u 1001 -g artemis artemis; \ dnf upgrade -y; \ dnf install -y --nodocs libaio; \ dnf clean all; \ - rm -rf /var/cache/dnf + rm -rf /var/cache/dnf; \ + mkdir -p /opt/activemq-artemis; \ + tar -zxf activemq-artemis.tar.gz --strip-components=1 -C /opt/activemq-artemis; \ + rm -f activemq-artemis.tar.gz; \ + mkdir /var/lib/artemis-instance; \ + chown -R artemis.artemis /var/lib/artemis-instance; \ + chmod +x docker-run.sh USER artemis -# add artemis download and entrypoint script to opt/ -COPY activemq-artemis.tar.gz /scripts/docker-run.sh opt/ - # Web Server EXPOSE 8161 \ # JMX Exporter 
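Review bot: The `COPY` added at the top of this hunk now precedes `WORKDIR /opt`, so its relative destination `opt/` resolves against whatever working directory the base image sets, which is not visible in this diff. If that directory is not `/`, the archive and `docker-run.sh` land somewhere other than `/opt`, and the `tar` and `chmod` steps in the `RUN` below operate on missing files. An absolute destination removes the dependency: `COPY activemq-artemis.tar.gz /scripts/docker-run.sh /opt/`. Separately, the archive stays in the `COPY` layer even though the `RUN` deletes it, so `rm -f activemq-artemis.tar.gz` does not reduce the image size.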
@@ -44,31 +55,8 @@ EXPOSE 8161 \ #Port for STOMP 61613 -# root user is needed to untar -USER root - -# create directory for activemq-artemis -# untar the download to the correct location -# create directory and change ownership for artemis-instance -# change mode of entrypoint script to allow execution -RUN mkdir -p /opt/activemq-artemis; \ - tar -zxf activemq-artemis.tar.gz --strip-components=1 -C /opt/activemq-artemis; \ - rm -f activemq-artemis.tar.gz; \ - mkdir /var/lib/artemis-instance; \ - chown -R artemis.artemis /var/lib/artemis-instance; \ - chmod +x docker-run.sh - -USER artemis - -EXPOSE 8161 \ - 9404 \ - 61616 \ - 5445 \ - 5672 \ - 1883 \ - 61613 - -# Expose some outstanding folders (excluding VOLUME directive) +# Expose some outstanding folders +# exclude VOLUME directive WORKDIR /var/lib/artemis-instance ENTRYPOINT ["/opt/docker-run.sh"] diff --git a/README.md b/README.md index de8a358..0641d30 100644 --- a/README.md +++ b/README.md @@ -4,11 +4,14 @@ Apache ActiveMQ is an open source, multi-protocol, Java-based messaging server. ## Download -1. Go to the [Apache webpage](https://ironbank.dso.mil/ironbank/repomap/opensource/apache) in Iron Bank and download the latest ActiveMQ Artemis tarball. - -2. Navigate to the location of the download and run: +1. Login to Registry1: +``` +docker login registry1.dso.mil -u -p +``` +2. Navigate to the [Apache webpage](https://ironbank.dso.mil/ironbank/repomap/opensource/apache) in Iron Bank and copy the ActiveMQ Artemis pull command. +3. Pull the image: ``` -docker load -i +docker pull registry1.dso.mil/ironbank/opensource/apache/active-mq-artemis: ``` ## Install -- GitLab