Merge pull request #87 from voxpupuli/streamline_dockerfile
feat: streamline Dockerfile
Showing
1 changed file
with
49 additions
and
86 deletions.
@@ -1,18 +1,35 @@ | ||
# Determines source "edge" or binary "release" builds | ||
ARG build_type=release | ||
ARG UBUNTU_CODENAME=jammy | ||
# NOTE: never pass as a build-arg / must match .dockerenv -- used in logback.xml | ||
ARG LOGDIR=/opt/puppetlabs/server/data/puppetdb/logs | ||
FROM ubuntu:22.04 | ||
|
||
###################################################### | ||
# base | ||
###################################################### | ||
ARG vcs_ref | ||
ARG build_date | ||
ARG build_type | ||
|
||
FROM ubuntu:22.04 as base | ||
LABEL org.label-schema.maintainer="Voxpupuli Release Team <[email protected]>" \ | ||
org.label-schema.vendor="Vox Pupuli" \ | ||
org.label-schema.url="https://github.com/voxpupuli/container-puppetdb" \ | ||
org.label-schema.license="Apache-2.0" \ | ||
org.label-schema.vcs-url="https://github.com/voxpupuli/container-puppetdb" \ | ||
org.label-schema.schema-version="1.0" \ | ||
org.label-schema.dockerfile="/Dockerfile" \ | ||
org.label-schema.name="PuppetDB ($build_type)" \ | ||
org.label-schema.vcs-ref="$vcs_ref" \ | ||
org.label-schema.build-date="$build_date" | ||
|
||
ARG DUMB_INIT_VERSION="1.2.5" | ||
ARG LOGDIR | ||
ARG TARGETARCH | ||
ARG UBUNTU_CODENAME=jammy | ||
|
||
ARG LOGDIR | ||
ENV LOGDIR=${LOGDIR:-/opt/puppetlabs/server/data/puppetdb/logs} | ||
|
||
ARG PUPPET_RELEASE | ||
ENV PUPPET_RELEASE=${PUPPET_RELEASE:-8} | ||
|
||
ARG PUPPETDB_VERSION | ||
ENV PUPPETDB_VERSION=${PUPPETDB_VERSION:-8.8.0} | ||
|
||
ARG SSLDIR | ||
ENV SSLDIR=${SSLDIR:-/opt/puppetlabs/server/data/puppetdb/certs} | ||
|
||
ENV PUPPETDB_POSTGRES_HOSTNAME="postgres" \ | ||
|
||
PUPPETDB_POSTGRES_PORT="5432" \ | ||
|
@@ -28,99 +45,38 @@ ENV PUPPETDB_POSTGRES_HOSTNAME="postgres" \ | |
# used by entrypoint to determine if puppetserver should be contacted for config | ||
# set to false when container tests are run | ||
USE_PUPPETSERVER=true \ | ||
# this value may be set by users, keeping in mind that some of these values are mandatory | ||
# -Djavax.net.debug=ssl may be particularly useful to set for debugging SSL | ||
PUPPETDB_JAVA_ARGS="-Djava.net.preferIPv4Stack=true -Xms256m -Xmx256m -XX:+UseParallelGC -Xlog:gc*:file=$LOGDIR/puppetdb_gc.log -Djdk.tls.ephemeralDHKeySize=2048" | ||
# this value may be set by users, keeping in mind that some of these values are mandatory | ||
# -Djavax.net.debug=ssl may be particularly useful to set for debugging SSL | ||
PUPPETDB_JAVA_ARGS="-Djava.net.preferIPv4Stack=true -Xms256m -Xmx256m -XX:+UseParallelGC -Xlog:gc*:file=$LOGDIR/puppetdb_gc.log -Djdk.tls.ephemeralDHKeySize=2048" \ | ||
PUPPET_DEB=puppet${PUPPET_RELEASE}-release-${UBUNTU_CODENAME}.deb \ | ||
DEBIAN_FRONTEND=noninteractive | ||
|
||
# puppetdb data and generated certs | ||
VOLUME /opt/puppetlabs/server/data/puppetdb | ||
|
||
LABEL org.label-schema.maintainer="Voxpupuli Release Team <[email protected]>" \ | ||
org.label-schema.vendor="Vox Pupuli" \ | ||
org.label-schema.url="https://github.com/voxpupuli/container-puppetdb" \ | ||
org.label-schema.license="Apache-2.0" \ | ||
org.label-schema.vcs-url="https://github.com/voxpupuli/container-puppetdb" \ | ||
org.label-schema.schema-version="1.0" \ | ||
org.label-schema.dockerfile="/Dockerfile" | ||
|
||
# NOTE: this is just documentation on defaults | ||
EXPOSE 8080 8081 | ||
|
||
ENTRYPOINT ["dumb-init", "/docker-entrypoint.sh"] | ||
CMD ["foreground"] | ||
|
||
# The start-period is just a wild guess how long it takes PuppetDB to come | ||
# up in the worst case. The other timing parameters are set so that it | ||
# takes at most a minute to realize that PuppetDB has failed. | ||
# Probe failure during --start-period will not be counted towards the maximum number of retries | ||
# NOTE: k8s uses livenessProbe, startupProbe, readinessProbe and ignores HEALTHCHECK | ||
HEALTHCHECK --start-period=5m --interval=10s --timeout=10s --retries=6 CMD ["/healthcheck.sh"] | ||
ADD https://apt.puppet.com/${PUPPET_DEB} /${PUPPET_DEB} | ||
|
||
# hadolint ignore=DL3020 | ||
ADD ssl.sh \ | ||
wtfc.sh \ | ||
https://github.com/Yelp/dumb-init/releases/download/v"$DUMB_INIT_VERSION"/dumb-init_"$DUMB_INIT_VERSION"_"$TARGETARCH".deb \ | ||
docker-entrypoint.sh \ | ||
healthcheck.sh \ | ||
/ | ||
|
||
COPY docker-entrypoint.d /docker-entrypoint.d | ||
|
||
# hadolint ignore=DL3009 | ||
ENV DEBIAN_FRONTEND noninteractive | ||
RUN apt update && \ | ||
apt install --no-install-recommends -y ca-certificates curl dnsutils netcat && \ | ||
chmod +x /ssl.sh /wtfc.sh /docker-entrypoint.sh /healthcheck.sh /docker-entrypoint.d/*.sh && \ | ||
dpkg -i dumb-init_"$DUMB_INIT_VERSION"_"$TARGETARCH".deb && \ | ||
rm dumb-init_"$DUMB_INIT_VERSION"_"$TARGETARCH".deb | ||
|
||
###################################################### | ||
# release (build from packages) | ||
###################################################### | ||
|
||
FROM base as release | ||
|
||
ARG PUPPET_RELEASE | ||
ENV PUPPET_RELEASE=${PUPPET_RELEASE:-7} | ||
|
||
ARG PUPPETDB_VERSION | ||
ENV PUPPETDB_VERSION=${PUPPETDB_VERSION:-7.14.0} | ||
|
||
ARG UBUNTU_CODENAME | ||
|
||
###################################################### | ||
# final image | ||
###################################################### | ||
|
||
# dynamically selects "edge" or "release" alias based on ARG | ||
# hadolint ignore=DL3006 | ||
FROM ${build_type} as final | ||
|
||
ARG UBUNTU_CODENAME | ||
ARG vcs_ref | ||
ARG build_date | ||
ARG build_type | ||
|
||
ARG LOGDIR | ||
ENV LOGDIR=${LOGDIR:-/opt/puppetlabs/server/data/puppetdb/logs} | ||
|
||
ARG SSLDIR | ||
ENV SSLDIR=${SSLDIR:-/opt/puppetlabs/server/data/puppetdb/certs} | ||
|
||
ENV PUPPET_DEB=puppet${PUPPET_RELEASE}-release-${UBUNTU_CODENAME}.deb | ||
ADD https://apt.puppet.com/${PUPPET_DEB} /${PUPPET_DEB} | ||
|
||
RUN dpkg -i /${PUPPET_DEB} && \ | ||
rm /${PUPPET_DEB} && \ | ||
apt update && \ | ||
apt install --no-install-recommends -y ca-certificates curl dnsutils netcat-traditional dumb-init && \ | ||
chmod +x /ssl.sh /wtfc.sh /docker-entrypoint.sh /healthcheck.sh /docker-entrypoint.d/*.sh && \ | ||
apt install --no-install-recommends -y puppetdb=${PUPPETDB_VERSION}-1${UBUNTU_CODENAME} && \ | ||
apt install --no-install-recommends -y openjdk-17-jre-headless && \ | ||
apt autoremove && \ | ||
rm -rf /var/lib/apt/lists/* && \ | ||
mkdir -p "$LOGDIR" && \ | ||
chown puppetdb:puppetdb "$LOGDIR" && \ | ||
# We want to use the HOCON database.conf and config.conf files, so get rid | ||
# of the packaged files | ||
# We want to use the HOCON database.conf and config.conf files, so get rid | ||
# of the packaged files | ||
rm -f /etc/puppetlabs/puppetdb/conf.d/database.ini && \ | ||
rm -f /etc/puppetlabs/puppetdb/conf.d/config.ini | ||
|
||
|
@@ -129,10 +85,17 @@ COPY logback.xml \ | |
/etc/puppetlabs/puppetdb/ | ||
COPY conf.d /etc/puppetlabs/puppetdb/conf.d/ | ||
COPY puppetdb /etc/default/puppetdb | ||
COPY Dockerfile / | ||
|
||
LABEL org.label-schema.name="PuppetDB ($build_type)" \ | ||
org.label-schema.vcs-ref="$vcs_ref" \ | ||
org.label-schema.version="$PUPPETDB_VERSION" \ | ||
org.label-schema.build-date="$build_date" | ||
# The start-period is just a wild guess how long it takes PuppetDB to come | ||
# up in the worst case. The other timing parameters are set so that it | ||
# takes at most a minute to realize that PuppetDB has failed. | ||
# Probe failure during --start-period will not be counted towards the maximum number of retries | ||
# NOTE: k8s uses livenessProbe, startupProbe, readinessProbe and ignores HEALTHCHECK | ||
HEALTHCHECK --start-period=5m --interval=10s --timeout=10s --retries=6 CMD ["/healthcheck.sh"] | ||
|
||
COPY Dockerfile / | ||
# NOTE: this is just documentation on defaults | ||
EXPOSE 8080 8081 | ||
|
||
ENTRYPOINT ["dumb-init", "/docker-entrypoint.sh"] | ||
CMD ["foreground"] |
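Review bot: The puppet release package is still fetched without any integrity check by `ADD https://apt.puppet.com/${PUPPET_DEB} /${PUPPET_DEB}` and then installed as root by `dpkg -i /${PUPPET_DEB}` at the top of the RUN step in the second hunk; because that package is what installs the apt repository definition and signing key used for the later `puppetdb=${PUPPETDB_VERSION}-1${UBUNTU_CODENAME}` install, its integrity anchors every subsequent package verification, so it should be pinned as `ADD --checksum=sha256:<pinned-digest> https://apt.puppet.com/${PUPPET_DEB} /${PUPPET_DEB}` (dockerfile frontend 1.6+, which needs a `# syntax=docker/dockerfile:1` directive this file does not have) or downloaded with curl and checked against a recorded digest. If the dumb-init release URL is the line dropped from the `# hadolint ignore=DL3020` ADD (dumb-init now comes from apt in the RUN), the remaining local files can be copied as `COPY --chmod=755 ssl.sh wtfc.sh docker-entrypoint.sh healthcheck.sh /`, removing both the ignore pragma and the `chmod +x` for those four scripts. `apt autoremove` in the same RUN has no `-y`, so the first time it finds something to remove it will prompt and abort the non-interactive build; `apt autoremove -y` (or `apt-get` throughout, per hadolint DL3027) avoids that. `DEBIAN_FRONTEND=noninteractive` now persists into the runtime environment through the ENV block in the first hunk and would be better set inline on the RUN line. The final image also has no `USER` directive, so unless `/docker-entrypoint.sh` drops privileges (not visible here) PuppetDB runs as root under dumb-init — worth confirming.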