
Member "opennms-31.0.8/opennms-container/minion/Dockerfile" (9 May 2023, 4872 Bytes) of package /linux/misc/opennms-31.0.8-source.tar.gz:



    1 ##
    2 # Pre-stage image to extract and manipulate Minion directory structure
    3 # Normally we install to /opt/minion and not /opt/minion-XX.X.X-SNAPSHOT
    4 # To avoid issues, we rearrange the directories in pre-stage to avoid injecting these
    5 # as additional layers into the final image.
    6 ##
    7 ARG BASE_IMAGE="opennms/deploy-base:jre-2.1.0.b175"
    8 
    9 FROM ${BASE_IMAGE} as minion-base
   10 
   11 ADD --chown=10001:0 ./tarball-root/ /opt/minion/
   12 RUN rm /opt/minion/etc/org.opennms.features.telemetry.listeners-single-port-flows.cfg
   13 RUN chmod -R g-w /opt/minion && \
   14     chmod -R g=u \
   15         /opt/minion/etc \
   16         /opt/minion/data \
   17         && \
   18     chmod -R a+x /opt/minion/bin && \
   19     chmod g=u /opt/minion && \
   20     find \
   21         /opt/minion/data \
   22         /opt/minion/deploy \
   23         /opt/minion/system \
   24         /opt/minion/repositories \
   25         -type d -print0 | xargs -0 chmod 2775
   26 
   27 ##
   28 # Download plugins
   29 ##
   30 FROM ${BASE_IMAGE} as minion-plugins
   31 
   32 COPY plugins.sh /tmp/plugins.sh 
   33 RUN chmod +x /tmp/plugins.sh  && cd /tmp && ./plugins.sh && rm ./plugins.sh
   34 
   35 ##
   36 # Prod image with minimal image size
   37 ##
   38 FROM ${BASE_IMAGE}
   39 
   40 ARG REQUIRED_DEBS="hostname uuid-runtime rsync"
   41 
   42 # Prevent prompts
   43 ENV DEBIAN_FRONTEND=noninteractive
   44 
   45 # Collect generic steps in a layer for caching
   46 
   47 # import keys & install required debs
   48 RUN apt-get update && \
   49     apt-get --no-install-recommends install -yq ${REQUIRED_DEBS} && \
   50     apt-get -y autoclean && \
   51     apt-get -y clean && \
   52     rm -rf /var/cache/apt
   53 
   54 # get any security updates for the base system
   55 RUN grep security /etc/apt/sources.list > /etc/apt/security.sources.list && \
   56     apt update -o Dir::Etc::SourceList=/etc/apt/security.sources.list && \
   57     apt -y -u -o Dir::Etc::SourceList=/etc/apt/security.sources.list full-upgrade && \
   58     apt clean && \
   59     rm -rf /var/cache/apt /etc/apt/security.sources.list
   60 
   61 RUN groupadd \
   62         --gid 10001 \
   63         minion && \
   64     useradd \
   65         --system \
   66         --uid 10001 \
   67         --gid 10001 \
   68         --home-dir /opt/minion \
   69         --no-create-home \
   70         --shell /usr/bin/bash \
   71         minion
   72 
   73 # https://issues.opennms.org/browse/NMS-12635
   74 # It is possible to set sysctls: net.ipv4.ping_group_range=0 10001 which allows the container using sockets. If we run on
   75 # infrastructure which doesn't allow whitelisting net.ipv4.ping_group_range as a safe sysctl (Kubernetes < 1.18) the
   76 # minimal solution is giving the Java binary the cap_net_raw+ep capabilities.
   77 RUN setcap cap_net_raw+ep $(readlink -f /usr/bin/java)
   78 
   79 # Install entrypoint wrapper and health check script
   80 COPY container-fs/entrypoint.sh /
   81 COPY container-fs/health.sh /
   82 
   83 # If you copy from /opt/minion to /opt/minion the permissions are not preserved
   84 # We would have 755 for minion:root instead of 775 and prevents writing lock files in /opt/minion
   85 COPY --chown=10001:0 --from=minion-base /opt /opt
   86 COPY --chown=10001:0 --from=minion-plugins /opt/usr-plugins /opt/minion/deploy
   87 
   88 # Install confd.io configuration files and scripts and ensure they are executable
   89 COPY ./container-fs/confd/ /opt/minion/confd/
   90 RUN chmod +x /opt/minion/confd/scripts/*
   91 COPY ./minion-config-schema.yml /opt/minion/confd/
   92 
   93 # Create the directory for server certificates
   94 RUN install -d -m 750 /opt/minion/server-certs
   95 
   96 # Arguments for labels should not invalidate caches
   97 ARG BUILD_DATE="1970-01-01T00:00:00+0000"
   98 ARG VERSION
   99 ARG SOURCE
  100 ARG REVISION
  101 ARG BUILD_JOB_ID
  102 ARG BUILD_NUMBER
  103 ARG BUILD_URL
  104 ARG BUILD_BRANCH
  105 
  106 LABEL org.opencontainers.image.created="${BUILD_DATE}" \
  107     org.opencontainers.image.title="OpenNMS Minion ${VERSION}" \
  108     org.opencontainers.image.source="${SOURCE}" \
  109     org.opencontainers.image.revision="${REVISION}" \
  110     org.opencontainers.image.version="${VERSION}" \
  111     org.opencontainers.image.vendor="The OpenNMS Group, Inc." \
  112     org.opencontainers.image.authors="OpenNMS Community" \
  113     org.opencontainers.image.licenses="AGPL-3.0" \
  114     org.opennms.image.base="${BASE_IMAGE}" \
  115     org.opennms.cicd.jobid="${BUILD_JOB_ID}" \
  116     org.opennms.cicd.buildnumber="${BUILD_NUMBER}" \
  117     org.opennms.cicd.buildurl="${BUILD_URL}" \
  118     org.opennms.cicd.branch="${BUILD_BRANCH}"
  119 
  120 WORKDIR /opt/minion
  121 
  122 USER 10001
  123 
  124 ENTRYPOINT [ "/entrypoint.sh" ]
  125 
  126 STOPSIGNAL SIGTERM
  127 
  128 CMD [ "-f" ]
  129 
  130 ### Runtime information and not relevant at build time
  131 ENV MINION_ID="00000000-0000-0000-0000-deadbeef0001" \
  132     MINION_LOCATION="MINION" \
  133     OPENNMS_BROKER_URL="tcp://127.0.0.1:61616" \
  134     OPENNMS_HTTP_USER="minion" \
  135     OPENNMS_HTTP_PASS="minion" \
  136     OPENNMS_BROKER_USER="minion" \
  137     OPENNMS_BROKER_PASS="minion"
  138 
  139 ##------------------------------------------------------------------------------
  140 ## EXPOSED PORTS
  141 ##------------------------------------------------------------------------------
  142 ## -- OpenNMS KARAF SSH    8201/TCP
  143 ## -- SNMP Trapd           1162/UDP
  144 ## -- Syslog               1514/UDP
  145 EXPOSE 8201/tcp 1162/udp 1514/udp