From 3a98be8f9c571282747829daa942ad004c6cdc9d Mon Sep 17 00:00:00 2001 From: jweatherford Date: Wed, 21 Oct 2020 15:37:54 -0400 Subject: [PATCH 1/6] updated Dockerfile to reduce layers and take out extra comments --- Dockerfile | 202 ++++++++++++----------------------------------------- 1 file changed, 46 insertions(+), 156 deletions(-) diff --git a/Dockerfile b/Dockerfile index 08591c2..d07e47b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,9 +3,9 @@ # #ARG BASE_REGISTRY=nexus-docker-secure.levelup-nexus.svc.cluster.local:18082 ARG BASE_REGISTRY=registry1.dsop.io/ironbank -ARG BASE_IMAGE=redhat/ubi/ubi8 +ARG BASE_IMAGE=ironbank/redhat/openjdk/openjdk8 ARG BASE_TAG=8.2 -FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} as base +FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} # # LABEL 
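Review bot: The new `BASE_IMAGE=ironbank/redhat/openjdk/openjdk8` repeats the `ironbank` segment that `BASE_REGISTRY=registry1.dsop.io/ironbank` already ends with, so the `FROM` line resolves to `registry1.dsop.io/ironbank/ironbank/redhat/openjdk/openjdk8:8.2`. The value it replaces, `redhat/ubi/ubi8`, had no such prefix, so unless the registry really nests a second `ironbank` namespace this looks like a wrong path; I would write `ARG BASE_IMAGE=redhat/openjdk/openjdk8`. `BASE_TAG=8.2` is carried over from the UBI image and may not exist for the OpenJDK repository, which is worth confirming. The same doubled prefix is in the `BASE_IMAGE` values of patches 5/6 and 6/6.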
@@ -18,75 +18,44 @@ LABEL name="Puppet Server" \ summary="Puppet Server Image" \ description="Puppet Server Image" -# -# BUILD ARGUMENTS -# -ARG PUPPET_VERSION=6.13.0 - -# -# UPDATE BASE and install RPMs, COPY gems -# -COPY puppetserver-6.13.0-1.el8.noarch.rpm /opt/puppetserver-6.13.0-1.el8.noarch.rpm -COPY puppetdb-6.12.0-1.el8.noarch.rpm /opt/puppetdb-6.12.0-1.el8.noarch.rpm -COPY puppet-agent-6.18.0-1.el8.x86_64.rpm /opt/puppet-agent-6.18.0-1.el8.x86_64.rpm -COPY puppetdb-termini-6.12.0-1.el8.noarch.rpm /opt/puppetdb-termini-6.12.0-1.el8.noarch.rpm -COPY colored2-3.1.2.gem /opt/colored2-3.1.2.gem -COPY cri-2.15.10.gem /opt/cri-2.15.10.gem -COPY faraday-0.17.3.gem /opt/faraday-0.17.3.gem -COPY faraday_middleware-0.14.0.gem /opt/faraday_middleware-0.14.0.gem -COPY fast_gettext-1.1.2.gem /opt/fast_gettext-1.1.2.gem -COPY gettext-3.2.9.gem /opt/gettext-3.2.9.gem -COPY gettext-setup-0.34.gem /opt/gettext-setup-0.34.gem -COPY locale-2.1.3.gem /opt/locale-2.1.3.gem -COPY log4r-1.1.10.gem /opt/log4r-1.1.10.gem -COPY minitar-0.9.gem /opt/minitar-0.9.gem -COPY multi_json-1.15.0.gem /opt/multi_json-1.15.0.gem -COPY multipart-post-2.1.1.gem /opt/multipart-post-2.1.1.gem -COPY puppet_forge-2.3.4.gem /opt/puppet_forge-2.3.4.gem -COPY r10k-3.6.0.gem /opt/r10k-3.6.0.gem -COPY semantic_puppet-1.0.2.gem /opt/semantic_puppet-1.0.2.gem -COPY text-1.3.1.gem /opt/text-1.3.1.gem +#COPY puppetserver-6.13.0-1.el8.noarch.rpm /opt/puppetserver-6.13.0-1.el8.noarch.rpm +#COPY puppetdb-6.12.0-1.el8.noarch.rpm /opt/puppetdb-6.12.0-1.el8.noarch.rpm +#COPY puppet-agent-6.18.0-1.el8.x86_64.rpm /opt/puppet-agent-6.18.0-1.el8.x86_64.rpm +#COPY puppetdb-termini-6.12.0-1.el8.noarch.rpm /opt/puppetdb-termini-6.12.0-1.el8.noarch.rpm +#COPY colored2-3.1.2.gem /opt/colored2-3.1.2.gem +#COPY cri-2.15.10.gem /opt/cri-2.15.10.gem +#COPY faraday-0.17.3.gem /opt/faraday-0.17.3.gem +#COPY faraday_middleware-0.14.0.gem /opt/faraday_middleware-0.14.0.gem +#COPY fast_gettext-1.1.2.gem /opt/fast_gettext-1.1.2.gem 
+#COPY gettext-3.2.9.gem /opt/gettext-3.2.9.gem +#COPY gettext-setup-0.34.gem /opt/gettext-setup-0.34.gem +#COPY locale-2.1.3.gem /opt/locale-2.1.3.gem +#COPY log4r-1.1.10.gem /opt/log4r-1.1.10.gem +#COPY minitar-0.9.gem /opt/minitar-0.9.gem +#COPY multi_json-1.15.0.gem /opt/multi_json-1.15.0.gem +#COPY multipart-post-2.1.1.gem /opt/multipart-post-2.1.1.gem +#COPY puppet_forge-2.3.4.gem /opt/puppet_forge-2.3.4.gem +#COPY r10k-3.6.0.gem /opt/r10k-3.6.0.gem +#COPY semantic_puppet-1.0.2.gem /opt/semantic_puppet-1.0.2.gem +#COPY text-1.3.1.gem /opt/text-1.3.1.gem + +COPY puppetserver-6.13.0-1.el8.noarch.rpm \ + puppetdb-6.12.0-1.el8.noarch.rpm \ + puppet-agent-6.18.0-1.el8.x86_64.rpm \ + puppetdb-termini-6.12.0-1.el8.noarch.rpm \ + dumb-init-1.2.2-6.el8.x86_64.rpm /opt/ +COPY *.gem /opt/ RUN yum update -y && \ yum -y upgrade -RUN yum -y install java-1.8.0-openjdk-headless net-tools procps - -RUN rpm -Uvh /opt/puppet-agent-6.18.0-1.el8.x86_64.rpm -RUN rpm -Uvh /opt/puppetserver-6.13.0-1.el8.noarch.rpm -RUN rpm -Uvh /opt/puppetdb-6.12.0-1.el8.noarch.rpm - -############################################ -# Original Dockerfile contents - -ARG build_type=release -ARG UBUNTU_CODENAME=ironbank - -ARG PACKAGES=ca-certificates\ git -ARG DUMB_INIT_VERSION="1.2.2" - - -###################################################### -# base -###################################################### +RUN yum -y install java-1.8.0-openjdk-headless net-tools procps && rpm -Uvh /opt/puppet*.rpm -ARG PACKAGES=ca-certificates\ git -ARG DUMB_INIT_VERSION="1.2.2" -#LABEL org.label-schema.maintainer="Puppet Release Team " \ -# org.label-schema.vendor="Puppet" \ -# org.label-schema.url="https://github.com/puppetlabs/puppetserver" \ -# org.label-schema.license="Apache-2.0" \ -# org.label-schema.vcs-url="https://github.com/puppetlabs/puppetserver" \ -# org.label-schema.schema-version="1.0" \ -# org.label-schema.dockerfile="/Dockerfile" -ENV PUPPERWARE_ANALYTICS_TRACKING_ID="UA-132486246-4" \ - 
PUPPERWARE_ANALYTICS_APP_NAME="puppetserver" \ - PUPPERWARE_ANALYTICS_ENABLED=false \ - PUPPETSERVER_JAVA_ARGS="-Xms512m -Xmx512m" \ +ENV PUPPETSERVER_JAVA_ARGS="-Xms512m -Xmx512m" \ PATH=/opt/puppetlabs/server/bin:/opt/puppetlabs/puppet/bin:/opt/puppetlabs/bin:$PATH \ SSLDIR=/etc/puppetlabs/puppet/ssl \ LOGDIR=/var/log/puppetlabs/puppetserver \ 
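Review bot: `COPY *.gem /opt/` and `rpm -Uvh /opt/puppet*.rpm` replace an explicit, versioned artifact list with patterns, so any matching file that happens to sit in the build context is installed as root. I would keep the gem names explicit in a multi-source `COPY`, as this hunk already does for the RPMs, and verify the files against a checked-in digest list before installing, e.g. `sha256sum -c /opt/artifacts.sha256` as the first command of the install `RUN` (the file name is a placeholder). Separately, `RUN yum update -y && yum -y upgrade` still runs in its own layer without `yum clean all`, so its cache stays in that layer whatever the cleanup step at the end of the file removes.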
@@ -107,100 +76,26 @@ ENV PUPPERWARE_ANALYTICS_TRACKING_ID="UA-132486246-4" \ PUPPET_REPORTS="puppetdb" -#ADD https://github.com/Yelp/dumb-init/releases/download/v"$DUMB_INIT_VERSION"/dumb-init_"$DUMB_INIT_VERSION"_amd64.deb / -COPY dumb-init-1.2.2-6.el8.x86_64.rpm /opt/dumb-init-1.2.2-6.el8.x86_64.rpm COPY scripts/docker-entrypoint.sh \ scripts/healthcheck.sh \ / -#COPY docker/puppetserver/docker-entrypoint.d /docker-entrypoint.d -# Because cloning the repo would be too easy, we have to do it the damned hard way for IRONBANK RUN mkdir /docker-entrypoint.d && \ chmod 0755 /docker-entrypoint.d -COPY scripts/10-analytics.sh /docker-entrypoint.d/ -COPY scripts/20-use-templates-initially.sh /docker-entrypoint.d/ -COPY scripts/30-set-permissions.sh /docker-entrypoint.d/ -COPY scripts/40-update-puppetdb-conf.sh /docker-entrypoint.d/ -COPY scripts/50-set-certname.sh /docker-entrypoint.d/ -COPY scripts/55-set-masterport.sh /docker-entrypoint.d/ -COPY scripts/60-setup-autosign.sh /docker-entrypoint.d/ -COPY scripts/70-set-dns-alt-names.sh /docker-entrypoint.d/ -COPY scripts/80-ca.sh /docker-entrypoint.d/ -COPY scripts/85-setup-storeconfigs.sh /docker-entrypoint.d/ -COPY scripts/90-log-config.sh /docker-entrypoint.d/ - - -### Original apt base -# no need to pin versions or clear apt cache as its still being used -# hadolint ignore=DL3008,DL3009 -#RUN chmod +x /docker-entrypoint.sh /healthcheck.sh && \ -# apt-get update && \ -# apt-get install -y --no-install-recommends $PACKAGES && \ -# dpkg -i dumb-init_"$DUMB_INIT_VERSION"_amd64.deb && \ -# rm dumb-init_"$DUMB_INIT_VERSION"_amd64.deb - -# IRONBANK version +COPY scripts/10-analytics.sh scripts/20-use-templates-initially.sh scripts/30-set-permissions.sh i\ + scripts/40-update-puppetdb-conf.sh scripts/50-set-certname.sh scripts/55-set-masterport.sh \ + scripts/60-setup-autosign.sh scripts/70-set-dns-alt-names.sh scripts/80-ca.sh \ + scripts/85-setup-storeconfigs.sh scripts/90-log-config.sh /docker-entrypoint.d/ + + RUN chmod 
+x /docker-entrypoint.sh /healthcheck.sh && \ - yum -y update && \ - yum -y upgrade && \ - rpm -Uvh /opt/dumb-init-1.2.2-6.el8.x86_64.rpm && \ - rm -f /opt/dumb-init-1.2.2-6.el8.x86_64.rpm - - -###################################################### -# release (build from packages) -###################################################### - -FROM base as release - -ARG version -ARG UBUNTU_CODENAME -ARG install_path=puppetserver="$version"-1"$UBUNTU_CODENAME" -#ARG deb_uri=https://apt.puppetlabs.com/puppet6-release-$UBUNTU_CODENAME.deb -#ARG rpm_repo=puppet6-release-el-8.noarch.rpm - -###################################################### -# final image -###################################################### - -# dynamically selects "edge" or "release" alias based on ARG -# hadolint ignore=DL3006 -FROM release as final - -ARG build_type -ARG vcs_ref -ARG version -ARG build_date -ARG install_path -#ARG deb_uri -ARG rpm_repo -# used by entrypoint to submit metrics to Google Analytics; -# published images should use "production" for this build_arg -ARG pupperware_analytics_stream="production" - -# hadolint ignore=DL3020 -#ADD $deb_uri /puppet.deb - -## hadolint ignore=DL3008,DL3028 -#RUN dpkg -i /puppet.deb && \ -# rm /puppet.deb && \ -# apt-get update && \ -# apt-get install --no-install-recommends -y $install_path puppetdb-termini && \ -# apt-get clean && \ -# rm -rf /var/lib/apt/lists/* && \ -# gem install --no-rdoc --no-ri r10k && \ -# puppet config set autosign true --section master && \ -# cp -pr /etc/puppetlabs/puppet /var/tmp && \ -# cp -pr /opt/puppetlabs/server/data/puppetserver /var/tmp && \ -# rm -rf /var/tmp/puppet/ssl - -RUN rpm -Uvh /opt/puppetdb-termini-6.12.0-1.el8.noarch.rpm && \ - yum clean all && \ - rm -rf /var/yum/cache/* && \ - gem install --local --no-rdoc --no-ri --ignore-dependencies /opt/*.gem && \ + + + +RUN gem install --local --no-rdoc --no-ri --ignore-dependencies /opt/*.gem && \ puppet config set autosign true --section master && \ cp -pr 
/etc/puppetlabs/puppet /var/tmp && \ cp -pr /opt/puppetlabs/server/data/puppetserver /var/tmp && \ @@ -213,26 +108,21 @@ COPY scripts/logback.xml \ COPY scripts/puppetserver.conf /etc/puppetlabs/puppetserver/conf.d/ COPY scripts/puppetdb.conf /var/tmp/puppet/ -COPY Dockerfile / - - ############################################# # CLEANUP -RUN yum clean all -RUN rm -rfv /var/cache/yum -RUN rm -rvf /opt/*.rpm -RUN rm -rvf /opt/*.gem +RUN yum clean all && rm -rf /var/cache/yum && rm -rf /opt/*.rpm && rm -rf /opt/*.gem EXPOSE 8140 -USER puppet - +# To ensure all the scripts are executable by the puppet user ENTRYPOINT ["dumb-init", "/docker-entrypoint.sh"] CMD ["foreground"] +USER puppet + # k8s uses livenessProbe, startupProbe, readinessProbe and ignores HEALTHCHECK -HEALTHCHECK --interval=10s --timeout=15s --retries=12 --start-period=3m CMD ["/healthcheck.sh"] \ No newline at end of file +HEALTHCHECK --interval=10s --timeout=15s --retries=12 --start-period=3m CMD ["/healthcheck.sh"] -- GitLab From 3b29bd13f15c358cde4ae681a85a12159a7d5e36 Mon Sep 17 00:00:00 2001 From: jweatherford Date: Wed, 21 Oct 2020 16:00:09 -0400 Subject: [PATCH 2/6] removed an errant char that cause the build to fail --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index d07e47b..582d134 100644 --- a/Dockerfile +++ b/Dockerfile @@ -85,7 +85,7 @@ COPY scripts/docker-entrypoint.sh \ RUN mkdir /docker-entrypoint.d && \ chmod 0755 /docker-entrypoint.d -COPY scripts/10-analytics.sh scripts/20-use-templates-initially.sh scripts/30-set-permissions.sh i\ +COPY scripts/10-analytics.sh scripts/20-use-templates-initially.sh scripts/30-set-permissions.sh \ scripts/40-update-puppetdb-conf.sh scripts/50-set-certname.sh scripts/55-set-masterport.sh \ scripts/60-setup-autosign.sh scripts/70-set-dns-alt-names.sh scripts/80-ca.sh \ scripts/85-setup-storeconfigs.sh scripts/90-log-config.sh /docker-entrypoint.d/ -- GitLab 
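Review bot: Nothing on the new side installs dumb-init any more: this hunk drops `rpm -Uvh /opt/dumb-init-1.2.2-6.el8.x86_64.rpm` from the `RUN chmod +x …` step, and the glob added earlier in the patch, `rpm -Uvh /opt/puppet*.rpm`, does not match that file name. The image still ends with `ENTRYPOINT ["dumb-init", "/docker-entrypoint.sh"]`, so unless the base image already ships dumb-init the container will fail to start. I would name the package in the install step, `rpm -Uvh /opt/puppet*.rpm /opt/dumb-init-1.2.2-6.el8.x86_64.rpm`. Also, `scripts/10-analytics.sh` is still copied into `/docker-entrypoint.d/` although the patch removes the `PUPPERWARE_ANALYTICS_*` variables; the script is not visible here, so confirm it treats unset variables as disabled.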
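Review bot: The consolidated cleanup `RUN yum clean all && rm -rf /var/cache/yum && rm -rf /opt/*.rpm && rm -rf /opt/*.gem` runs in a layer of its own, so the RPMs and gems remain in the earlier `COPY` layers and the yum metadata in the earlier `RUN` layers. The final image is therefore no smaller, and the files are still present in it. Removing them for real needs a multi-stage build or a bind-mounted install step rather than a trailing `rm`. The added comment `# To ensure all the scripts are executable by the puppet user` sits above `ENTRYPOINT` and describes neither it nor the relocated `USER puppet`; I would replace it with `# Drop root for the running container; ENTRYPOINT/CMD execute as this user` directly above `USER puppet`.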
From 9f58f22c4846f909397edcf2cc1fc77ca7726672 Mon Sep 17 00:00:00 2001 From: jweatherford Date: Wed, 21 Oct 2020 16:21:28 -0400 Subject: [PATCH 3/6] debugging a layer --- Dockerfile | 32 +++----------------------------- 1 file changed, 3 insertions(+), 29 deletions(-) diff --git a/Dockerfile b/Dockerfile index 582d134..2f1c254 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,6 @@ # # BASE IMAGE # -#ARG BASE_REGISTRY=nexus-docker-secure.levelup-nexus.svc.cluster.local:18082 ARG BASE_REGISTRY=registry1.dsop.io/ironbank ARG BASE_IMAGE=ironbank/redhat/openjdk/openjdk8 ARG BASE_TAG=8.2 @@ -19,27 +18,6 @@ LABEL name="Puppet Server" \ description="Puppet Server Image" -#COPY puppetserver-6.13.0-1.el8.noarch.rpm /opt/puppetserver-6.13.0-1.el8.noarch.rpm -#COPY puppetdb-6.12.0-1.el8.noarch.rpm /opt/puppetdb-6.12.0-1.el8.noarch.rpm -#COPY puppet-agent-6.18.0-1.el8.x86_64.rpm /opt/puppet-agent-6.18.0-1.el8.x86_64.rpm -#COPY puppetdb-termini-6.12.0-1.el8.noarch.rpm /opt/puppetdb-termini-6.12.0-1.el8.noarch.rpm -#COPY colored2-3.1.2.gem /opt/colored2-3.1.2.gem -#COPY cri-2.15.10.gem /opt/cri-2.15.10.gem -#COPY faraday-0.17.3.gem /opt/faraday-0.17.3.gem -#COPY faraday_middleware-0.14.0.gem /opt/faraday_middleware-0.14.0.gem -#COPY fast_gettext-1.1.2.gem /opt/fast_gettext-1.1.2.gem -#COPY gettext-3.2.9.gem /opt/gettext-3.2.9.gem -#COPY gettext-setup-0.34.gem /opt/gettext-setup-0.34.gem -#COPY locale-2.1.3.gem /opt/locale-2.1.3.gem -#COPY log4r-1.1.10.gem /opt/log4r-1.1.10.gem -#COPY minitar-0.9.gem /opt/minitar-0.9.gem -#COPY multi_json-1.15.0.gem /opt/multi_json-1.15.0.gem -#COPY multipart-post-2.1.1.gem /opt/multipart-post-2.1.1.gem -#COPY puppet_forge-2.3.4.gem /opt/puppet_forge-2.3.4.gem -#COPY r10k-3.6.0.gem /opt/r10k-3.6.0.gem -#COPY semantic_puppet-1.0.2.gem /opt/semantic_puppet-1.0.2.gem -#COPY text-1.3.1.gem /opt/text-1.3.1.gem - COPY puppetserver-6.13.0-1.el8.noarch.rpm \ puppetdb-6.12.0-1.el8.noarch.rpm \ puppet-agent-6.18.0-1.el8.x86_64.rpm \ 
@@ -76,8 +54,6 @@ ENV PUPPETSERVER_JAVA_ARGS="-Xms512m -Xmx512m" \ PUPPET_REPORTS="puppetdb" - - COPY scripts/docker-entrypoint.sh \ scripts/healthcheck.sh \ / @@ -95,11 +71,9 @@ RUN chmod +x /docker-entrypoint.sh /healthcheck.sh && \ -RUN gem install --local --no-rdoc --no-ri --ignore-dependencies /opt/*.gem && \ - puppet config set autosign true --section master && \ - cp -pr /etc/puppetlabs/puppet /var/tmp && \ - cp -pr /opt/puppetlabs/server/data/puppetserver /var/tmp && \ - rm -rf /var/tmp/puppet/ssl +RUN gem install --local --no-rdoc --no-ri --ignore-dependencies /opt/*.gem && puppet config set autosign true --section master +RUN cp -pr /etc/puppetlabs/puppet /var/tmp && cp -pr /opt/puppetlabs/server/data/puppetserver /var/tmp +RUN rm -rf /var/tmp/puppet/ssl COPY scripts/puppetserver /etc/default/puppetserver COPY scripts/logback.xml \ -- GitLab From 0c837898bc738fa89666378b81226d1a68a5df34 Mon Sep 17 00:00:00 2001 From: jweatherford Date: Wed, 21 Oct 2020 16:51:12 -0400 Subject: [PATCH 4/6] one more try before going back to UBIwq --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 2f1c254..62090c3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ # ARG BASE_REGISTRY=registry1.dsop.io/ironbank ARG BASE_IMAGE=ironbank/redhat/openjdk/openjdk8 -ARG BASE_TAG=8.2 +ARG BASE_TAG=latest FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} # -- GitLab From 01dbc7b4f8f92b08ab605207355c29fae6ce3cce Mon Sep 17 00:00:00 2001 From: jweatherford Date: Wed, 21 Oct 2020 17:06:38 -0400 Subject: [PATCH 5/6] rebase on UBI due to everything openjdk8 is missing --- Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 62090c3..4aa76b0 100644 --- a/Dockerfile +++ b/Dockerfile 
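Review bot: Splitting the copy and the delete into separate `RUN` steps (hunk `@@ -95,11 +71,9 @@` of patch 3/6) means `/var/tmp/puppet/ssl` is written by `RUN cp -pr /etc/puppetlabs/puppet /var/tmp …` and only hidden by the later `RUN rm -rf /var/tmp/puppet/ssl`, so anything in that directory at build time stays readable in the intermediate layer. Whether the package install leaves key material there is not visible from this patch, but the delete belongs in the same step: `RUN cp -pr /etc/puppetlabs/puppet /var/tmp && cp -pr /opt/puppetlabs/server/data/puppetserver /var/tmp && rm -rf /var/tmp/puppet/ssl`. The rewritten line also keeps `puppet config set autosign true --section master`, which makes unconditional certificate autosigning the image default. A comment saying whether `60-setup-autosign.sh` is expected to override that at start-up would make the intent reviewable.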
@@ -1,9 +1,9 @@ # # BASE IMAGE -# +# UBI 8 is required, openjdk8 is missing a lot that is required ARG BASE_REGISTRY=registry1.dsop.io/ironbank -ARG BASE_IMAGE=ironbank/redhat/openjdk/openjdk8 -ARG BASE_TAG=latest +ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8 +ARG BASE_TAG=8.2 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} # -- GitLab From 1486838cb663285985763c24033e462e441f2d4d Mon Sep 17 00:00:00 2001 From: jweatherford Date: Wed, 21 Oct 2020 17:26:28 -0400 Subject: [PATCH 6/6] rebase on openjdk8, found a mistake I made --- Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4aa76b0..1e9b431 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,8 +2,8 @@ # BASE IMAGE # UBI 8 is required, openjdk8 is missing a lot that is required ARG BASE_REGISTRY=registry1.dsop.io/ironbank -ARG BASE_IMAGE=ironbank/redhat/ubi/ubi8 -ARG BASE_TAG=8.2 +ARG BASE_IMAGE=ironbank/redhat/openjdk/openjdk88 +ARG BASE_TAG=latest FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} # @@ -67,7 +67,7 @@ COPY scripts/10-analytics.sh scripts/20-use-templates-initially.sh scripts/30-se scripts/85-setup-storeconfigs.sh scripts/90-log-config.sh /docker-entrypoint.d/ -RUN chmod +x /docker-entrypoint.sh /healthcheck.sh && \ +RUN chmod +x /docker-entrypoint.sh /healthcheck.sh -- GitLab
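Review bot: In patch 6/6 the final `FROM` resolves to a floating tag on a repository name that looks mistyped: `BASE_IMAGE=ironbank/redhat/openjdk/openjdk88` has a doubled `8` compared with the `openjdk8` used in patch 1/6. `BASE_TAG=latest` also makes the build non-reproducible and lets the base image change without a commit. I would pin a released tag, ideally with a digest, e.g. `ARG BASE_TAG=<released-tag>` and `FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}@sha256:<digest>` (both placeholders). The context comment `# UBI 8 is required, openjdk8 is missing a lot that is required` is left in place and now contradicts the chosen base, so it should be removed or rewritten in the same patch.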