From a9712cff8647725d90575f80b3e9affbe79dae5e Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Fri, 25 Oct 2024 11:17:36 +0200 Subject: [PATCH 1/2] feat: streamline Dockerfile --- puppetdb/Dockerfile | 136 ++++++++++++++++---------------------------- 1 file changed, 50 insertions(+), 86 deletions(-) diff --git a/puppetdb/Dockerfile b/puppetdb/Dockerfile index ae6a9ae2e..4e3695897 100644 --- a/puppetdb/Dockerfile +++ b/puppetdb/Dockerfile @@ -1,18 +1,36 @@ -# Determines source "edge" or binary "release" builds -ARG build_type=release -ARG UBUNTU_CODENAME=jammy -# NOTE: never pass as a build-arg / must match .dockerenv -- used in logback.xml -ARG LOGDIR=/opt/puppetlabs/server/data/puppetdb/logs +FROM ubuntu:24.04 -###################################################### -# base -###################################################### +ARG vcs_ref +ARG build_date +ARG build_type -FROM ubuntu:22.04 as base +LABEL org.label-schema.maintainer="Voxpupuli Release Team " \ + org.label-schema.vendor="Vox Pupuli" \ + org.label-schema.url="https://github.com/voxpupuli/container-puppetdb" \ + org.label-schema.license="Apache-2.0" \ + org.label-schema.vcs-url="https://github.com/voxpupuli/container-puppetdb" \ + org.label-schema.schema-version="1.0" \ + org.label-schema.dockerfile="/Dockerfile" \ + org.label-schema.name="PuppetDB ($build_type)" \ + org.label-schema.vcs-ref="$vcs_ref" \ + org.label-schema.build-date="$build_date" ARG DUMB_INIT_VERSION="1.2.5" -ARG LOGDIR ARG TARGETARCH +# ! Fix me: use jammy as long as noble is not released +ARG UBUNTU_CODENAME=jammy + +ARG LOGDIR +ENV LOGDIR=${LOGDIR:-/opt/puppetlabs/server/data/puppetdb/logs} + +ARG PUPPET_RELEASE +ENV PUPPET_RELEASE=${PUPPET_RELEASE:-8} + +ARG PUPPETDB_VERSION +ENV PUPPETDB_VERSION=${PUPPETDB_VERSION:-8.8.0} + +ARG SSLDIR +ENV SSLDIR=${SSLDIR:-/opt/puppetlabs/server/data/puppetdb/certs} ENV PUPPETDB_POSTGRES_HOSTNAME="postgres" \ PUPPETDB_POSTGRES_PORT="5432" \ @@ -28,99 +46,38 @@ ENV PUPPETDB_POSTGRES_HOSTNAME="postgres" \ # used by entrypoint to determine if puppetserver should be contacted for config # set to false when container tests are run USE_PUPPETSERVER=true \ -# this value may be set by users, keeping in mind that some of these values are mandatory -# -Djavax.net.debug=ssl may be particularly useful to set for debugging SSL - PUPPETDB_JAVA_ARGS="-Djava.net.preferIPv4Stack=true -Xms256m -Xmx256m -XX:+UseParallelGC -Xlog:gc*:file=$LOGDIR/puppetdb_gc.log -Djdk.tls.ephemeralDHKeySize=2048" + # this value may be set by users, keeping in mind that some of these values are mandatory + # -Djavax.net.debug=ssl may be particularly useful to set for debugging SSL + PUPPETDB_JAVA_ARGS="-Djava.net.preferIPv4Stack=true -Xms256m -Xmx256m -XX:+UseParallelGC -Xlog:gc*:file=$LOGDIR/puppetdb_gc.log -Djdk.tls.ephemeralDHKeySize=2048" \ + PUPPET_DEB=puppet${PUPPET_RELEASE}-release-${UBUNTU_CODENAME}.deb \ + DEBIAN_FRONTEND=noninteractive # puppetdb data and generated certs VOLUME /opt/puppetlabs/server/data/puppetdb -LABEL org.label-schema.maintainer="Voxpupuli Release Team " \ - org.label-schema.vendor="Vox Pupuli" \ - org.label-schema.url="https://github.com/voxpupuli/container-puppetdb" \ - org.label-schema.license="Apache-2.0" \ - org.label-schema.vcs-url="https://github.com/voxpupuli/container-puppetdb" \ - org.label-schema.schema-version="1.0" \ - org.label-schema.dockerfile="/Dockerfile" - -# NOTE: this is just documentation on defaults -EXPOSE 8080 8081 - -ENTRYPOINT ["dumb-init", "/docker-entrypoint.sh"] -CMD ["foreground"] - -# The start-period is just a wild guess how long it takes PuppetDB to come -# up in the worst case. The other timing parameters are set so that it -# takes at most a minute to realize that PuppetDB has failed. -# Probe failure during --start-period will not be counted towards the maximum number of retries -# NOTE: k8s uses livenessProbe, startupProbe, readinessProbe and ignores HEALTHCHECK -HEALTHCHECK --start-period=5m --interval=10s --timeout=10s --retries=6 CMD ["/healthcheck.sh"] +ADD https://apt.puppet.com/${PUPPET_DEB} /${PUPPET_DEB} -# hadolint ignore=DL3020 ADD ssl.sh \ wtfc.sh \ - https://github.com/Yelp/dumb-init/releases/download/v"$DUMB_INIT_VERSION"/dumb-init_"$DUMB_INIT_VERSION"_"$TARGETARCH".deb \ docker-entrypoint.sh \ healthcheck.sh \ / COPY docker-entrypoint.d /docker-entrypoint.d -# hadolint ignore=DL3009 -ENV DEBIAN_FRONTEND noninteractive -RUN apt update && \ - apt install --no-install-recommends -y ca-certificates curl dnsutils netcat && \ - chmod +x /ssl.sh /wtfc.sh /docker-entrypoint.sh /healthcheck.sh /docker-entrypoint.d/*.sh && \ - dpkg -i dumb-init_"$DUMB_INIT_VERSION"_"$TARGETARCH".deb && \ - rm dumb-init_"$DUMB_INIT_VERSION"_"$TARGETARCH".deb - -###################################################### -# release (build from packages) -###################################################### - -FROM base as release - -ARG PUPPET_RELEASE -ENV PUPPET_RELEASE=${PUPPET_RELEASE:-7} - -ARG PUPPETDB_VERSION -ENV PUPPETDB_VERSION=${PUPPETDB_VERSION:-7.14.0} - -ARG UBUNTU_CODENAME - -###################################################### -# final image -###################################################### - -# dynamically selects "edge" or "release" alias based on ARG -# hadolint ignore=DL3006 -FROM ${build_type} as final - -ARG UBUNTU_CODENAME -ARG vcs_ref -ARG build_date -ARG build_type - -ARG LOGDIR -ENV LOGDIR=${LOGDIR:-/opt/puppetlabs/server/data/puppetdb/logs} - -ARG SSLDIR -ENV SSLDIR=${SSLDIR:-/opt/puppetlabs/server/data/puppetdb/certs} - -ENV PUPPET_DEB=puppet${PUPPET_RELEASE}-release-${UBUNTU_CODENAME}.deb -ADD https://apt.puppet.com/${PUPPET_DEB} /${PUPPET_DEB} - RUN dpkg -i /${PUPPET_DEB} && \ rm /${PUPPET_DEB} && \ apt update && \ + apt install --no-install-recommends -y ca-certificates curl dnsutils netcat-traditional dumb-init && \ + chmod +x /ssl.sh /wtfc.sh /docker-entrypoint.sh /healthcheck.sh /docker-entrypoint.d/*.sh && \ apt install --no-install-recommends -y puppetdb=${PUPPETDB_VERSION}-1${UBUNTU_CODENAME} && \ apt install --no-install-recommends -y openjdk-17-jre-headless && \ apt autoremove && \ rm -rf /var/lib/apt/lists/* && \ mkdir -p "$LOGDIR" && \ chown puppetdb:puppetdb "$LOGDIR" && \ -# We want to use the HOCON database.conf and config.conf files, so get rid -# of the packaged files + # We want to use the HOCON database.conf and config.conf files, so get rid + # of the packaged files rm -f /etc/puppetlabs/puppetdb/conf.d/database.ini && \ rm -f /etc/puppetlabs/puppetdb/conf.d/config.ini @@ -129,10 +86,17 @@ COPY logback.xml \ /etc/puppetlabs/puppetdb/ COPY conf.d /etc/puppetlabs/puppetdb/conf.d/ COPY puppetdb /etc/default/puppetdb +COPY Dockerfile / -LABEL org.label-schema.name="PuppetDB ($build_type)" \ - org.label-schema.vcs-ref="$vcs_ref" \ - org.label-schema.version="$PUPPETDB_VERSION" \ - org.label-schema.build-date="$build_date" +# The start-period is just a wild guess how long it takes PuppetDB to come +# up in the worst case. The other timing parameters are set so that it +# takes at most a minute to realize that PuppetDB has failed. +# Probe failure during --start-period will not be counted towards the maximum number of retries +# NOTE: k8s uses livenessProbe, startupProbe, readinessProbe and ignores HEALTHCHECK +HEALTHCHECK --start-period=5m --interval=10s --timeout=10s --retries=6 CMD ["/healthcheck.sh"] -COPY Dockerfile / +# NOTE: this is just documentation on defaults +EXPOSE 8080 8081 + +ENTRYPOINT ["dumb-init", "/docker-entrypoint.sh"] +CMD ["foreground"] From 3c527d00c3acb73921b0112bcbda163f4f7cb050 Mon Sep 17 00:00:00 2001 From: Robert Waffen Date: Fri, 25 Oct 2024 13:08:46 +0200 Subject: [PATCH 2/2] fix: go back to 22 and wait for offical 24 packages --- puppetdb/Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/puppetdb/Dockerfile b/puppetdb/Dockerfile index 4e3695897..7314651fd 100644 --- a/puppetdb/Dockerfile +++ b/puppetdb/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:24.04 +FROM ubuntu:22.04 ARG vcs_ref ARG build_date @@ -17,7 +17,6 @@ LABEL org.label-schema.maintainer="Voxpupuli Release Team " ARG DUMB_INIT_VERSION="1.2.5" ARG TARGETARCH -# ! Fix me: use jammy as long as noble is not released ARG UBUNTU_CODENAME=jammy ARG LOGDIR