OpenNMS: opennms-container/sentinel/Dockerfile

"Fossies" - the Fresh Open Source Software Archive

Member "opennms-31.0.8/opennms-container/sentinel/Dockerfile" (9 May 2023, 5308 Bytes) of package /linux/misc/opennms-31.0.8-source.tar.gz:

As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the last Fossies "Diffs" side-by-side code changes report for "Dockerfile":

31.0.4_vs_31.0.5.

1 ## 2 # Use Java base image and setup required DEBS as cacheable image. 3 ## 4 ARG BASE_IMAGE="opennms/deploy-base:jre-2.1.0.b175" 5 6 FROM ${BASE_IMAGE} as sentinel-tarball 7 8 ADD --chown=10001:0 ./tarball-root/ /opt/usr-share/sentinel/ 9 RUN chmod -R g-w /opt/usr-share/sentinel && \ 10 chmod -R g=u \ 11 /opt/usr-share/sentinel/etc \ 12 /opt/usr-share/sentinel/data \ 13 && \ 14 chmod -R a+x /opt/usr-share/sentinel/bin && \ 15 chmod g=u /opt/usr-share/sentinel && \ 16 find \ 17 /opt/usr-share/sentinel/data \ 18 /opt/usr-share/sentinel/deploy \ 19 /opt/usr-share/sentinel/system \ 20 /opt/usr-share/sentinel/repositories \ 21 -type d -print0 | xargs -0 chmod 2775 22 23 FROM ${BASE_IMAGE} as sentinel-base 24 25 ARG REQUIRED_DEBS="hostname wget gettext openssh-client uuid-runtime rsync" 26 27 ARG REPO_KEY_URL="https://debian.opennms.org/OPENNMS-GPG-KEY" 28 29 SHELL ["/bin/bash", "-c"] 30 31 # Prevent prompts 32 ENV DEBIAN_FRONTEND=noninteractive 33 34 # Collect generic steps in a layer for caching 35 # import keys & install required debs 36 RUN apt-get update && \ 37 apt-get --no-install-recommends install -yq gnupg ca-certificates && \ 38 curl -fsSL ${REPO_KEY_URL} | apt-key add && \ 39 apt-get --no-install-recommends install -yq ${REQUIRED_DEBS} && \ 40 apt-get -y autoclean && \ 41 apt-get -y clean && \ 42 rm -rf /var/cache/apt 43 44 # get any security updates for the base system 45 RUN grep security /etc/apt/sources.list > /etc/apt/security.sources.list && \ 46 apt update -o Dir::Etc::SourceList=/etc/apt/security.sources.list && \ 47 apt -y -u -o Dir::Etc::SourceList=/etc/apt/security.sources.list full-upgrade && \ 48 apt clean && \ 49 rm -rf /var/cache/apt /etc/apt/security.sources.list 50 51 ## 52 # Download plugins 53 ## 54 FROM ${BASE_IMAGE} as sentinel-plugins 55 56 COPY plugins.sh /tmp/plugins.sh 57 RUN chmod +x /tmp/plugins.sh && cd /tmp && ./plugins.sh && rm ./plugins.sh 58 59 ## 60 # Install and setup OpenNMS Sentinel 61 ## 62 FROM sentinel-base 63 64 # If you copy from /usr/share/sentinel to /usr/share/sentinel the permissions are not preserved 65 # We would have 755 for sentinel:root instead of 775 and prevents writing lock files in /usr/share/sentinel 66 COPY --chown=10001:0 --from=sentinel-tarball /opt/usr-share /usr/share 67 68 COPY --chown=10001:0 --from=sentinel-plugins /opt/usr-plugins /usr/share/opennms/deploy 69 70 SHELL ["/bin/bash", "-c"] 71 72 # Create Sentinel user with a specific group ID 73 RUN groupadd \ 74 --gid 10001 \ 75 sentinel && \ 76 useradd \ 77 --system \ 78 --uid 10001 \ 79 --gid 10001 \ 80 --home-dir /usr/share/sentinel \ 81 --no-create-home \ 82 --shell /usr/bin/bash \ 83 sentinel 84 85 ARG BUILD_DATE="1970-01-01T00:00:00+0000" 86 ARG REVISION 87 88 RUN id sentinel 89 RUN getent group sentinel 90 RUN getent passwd sentinel 91 92 # Install any spare packages and create some compatibility links 93 RUN install -d -o 10001 -g 0 -m 775 \ 94 /var/lib/sentinel \ 95 /usr/share/sentinel/data/{log,tmp} && \ 96 ln -s /usr/share/sentinel/data /var/lib/sentinel/data && \ 97 ln -s /usr/share/sentinel/deploy /var/lib/sentinel/deploy && \ 98 ln -s /usr/share/sentinel/etc /etc/sentinel && \ 99 ln -s /usr/share/sentinel /opt/sentinel 100 101 COPY ./container-fs/* / 102 103 # Allow to send ICMP messages as non-root user 104 RUN setcap cap_net_raw+ep ${JAVA_HOME}/bin/java && \ 105 echo ${JAVA_HOME}/lib/jli > /etc/ld.so.conf.d/java-latest.conf && \ 106 ldconfig 107 108 VOLUME [ "/usr/share/sentinel/deploy", "/usr/share/sentinel/etc", "/usr/share/sentinel/data" ] 109 110 WORKDIR /usr/share/sentinel 111 112 ### Containers should NOT run as root as a good practice 113 USER 10001 114 115 ENTRYPOINT [ "/entrypoint.sh" ] 116 117 STOPSIGNAL SIGTERM 118 119 CMD [ "-f" ] 120 121 # Arguments for labels should not invalidate caches 122 ARG VERSION 123 ARG SOURCE 124 ARG BUILD_JOB_ID 125 ARG BUILD_NUMBER 126 ARG BUILD_URL 127 ARG BUILD_BRANCH 128 129 LABEL org.opencontainers.image.created="${BUILD_DATE}" \ 130 org.opencontainers.image.title="OpenNMS Sentinel ${VERSION}" \ 131 org.opencontainers.image.source="${SOURCE}" \ 132 org.opencontainers.image.revision="${REVISION}" \ 133 org.opencontainers.image.version="${VERSION}" \ 134 org.opencontainers.image.vendor="The OpenNMS Group, Inc." \ 135 org.opencontainers.image.authors="OpenNMS Community" \ 136 org.opencontainers.image.licenses="AGPL-3.0" \ 137 org.opennms.image.base="${BASE_IMAGE}" \ 138 org.opennms.cicd.jobid="${BUILD_JOB_ID}" \ 139 org.opennms.cicd.buildnumber="${BUILD_NUMBER}" \ 140 org.opennms.cicd.buildurl="${BUILD_URL}" \ 141 org.opennms.cicd.branch="${BUILD_BRANCH}" 142 143 ### Runtime information and not relevant at build time 144 145 # TODO MVR SENTINEL_LOCATION is not used at the moment 146 ENV SENTINEL_HOME="/usr/share/sentinel" \ 147 SENTINEL_ID="" \ 148 SENTINEL_LOCATION="SENTINEL" \ 149 OPENNMS_BROKER_URL="tcp://127.0.0.1:61616" \ 150 OPENNMS_HTTP_USER="minion" \ 151 OPENNMS_HTTP_PASS="minion" \ 152 OPENNMS_BROKER_USER="minion" \ 153 OPENNMS_BROKER_PASS="minion" \ 154 POSTGRES_HOST="localhost" \ 155 POSTGRES_PORT="5432" \ 156 POSTGRES_USER="postgres" \ 157 POSTGRES_PASSWORD="" \ 158 POSTGRES_DB="opennms" 159 160 ##------------------------------------------------------------------------------ 161 ## EXPOSED PORTS 162 ##------------------------------------------------------------------------------ 163 ## -- Sentinel Karaf Debug 5005/TCP 164 ## -- Sentinel KARAF SSH 8301/TCP 165 166 EXPOSE 8301