Merge pull request #55 from jfrog/XrayRabbitmqFixes

Openshift Pipeline Images, Xray Call Home Fix and JFrog Rabbitmq Image cleanup

Author: John Peterson

Diff for: customize-example/Dockerfile.redhat-ubi

@@ -20,7 +20,7 @@ LABEL name="JFrog Artifactory Pro" \
 
 # Environment needed for Artifactory
 ENV ARTIFACTORY_USER_NAME=artifactory \
-    ARTIFACTORY_USER_ID=1030 \
+    ARTIFACTORY_USER_ID=1000721030 \
     ARTIFACTORY_HOME=/opt/jfrog/artifactory \
     ARTIFACTORY_DATA=/var/opt/jfrog/artifactory \
     ARTIFACTORY_EXTRA_CONF=/artifactory_extra_conf \

Diff for: customize-example/Dockerfile.redhat-ubi-jfrog-rabbitmq

@@ -0,0 +1,62 @@
+# BITNAMI DEBIAN-10 DOCKERFILE CAN BE FOUND HERE:
+# https://github.com/bitnami/bitnami-docker-rabbitmq/blob/master/3.8/debian-10/Dockerfile
+# JFROG REDHAT UBI PORT TO WORK IN BITNAMI RABBITMQ HELM CHARTS
+
+FROM bitnami/rabbitmq:3.8.3-debian-10-r40 as base
+
+FROM registry.access.redhat.com/ubi8
+ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
+LABEL name="JFrog Rabbit MQ" \
+      description="JFrog Rabbit MQ image based on the Red Hat Universal Base Image." \
+      vendor="JFrog" \
+      summary="JFrog Rabbit MQ (Red Hat UBI)" \
+      com.jfrog.license_terms="https://jfrog.com/platform/enterprise-plus-eula/"
+
+ARG RABBITMQ_VERSION=3.8.3
+
+LABEL io.k8s.description="Lightweight open source message broker" \
+    io.k8s.display-name="RabbitMQ" \
+    io.openshift.expose-services="4369:epmd, 5671:amqp, 5672:amqp, 15672:http" \
+    io.openshift.tags="rabbitmq"
+
+# FIX THE LOCALE ISSUE
+RUN yum install -y --disableplugin=subscription-manager -y openssl curl ca-certificates fontconfig gzip glibc-langpack-en tar \
+    && yum  -y --disableplugin=subscription-manager update; yum --disableplugin=subscription-manager clean all
+
+
+ENV GPG_KEY="0A9AF2115F4687BD29803A206B73A36E6026DFCA" \
+    HOME=/var/lib/rabbitmq \
+    RABBITMQ_HOME=/opt/rabbitmq \
+    RABBITMQ_LOGS=- \
+    RABBITMQ_SASL_LOGS=- \
+    LANG=en_US.UTF-8 \
+    LANGUAGE=en_US.:en \
+    LC_ALL=en_US.UTF-8
+
+RUN yum install -y --disableplugin=subscription-manager xz
+RUN set -xe && \
+    curl -LO https://github.com/rabbitmq/erlang-rpm/releases/download/v23.0/erlang-23.0-1.el8.x86_64.rpm && \
+    rpm -Uvh ./erlang-23.0-1.el8.x86_64.rpm && \
+    rm *.rpm && \
+    INSTALL_PKGS="wget procps net-tools hostname" && \
+    yum install -y $INSTALL_PKGS && \
+    rm -rf /var/cache/yum
+
+# COPY OVER THE RABBITMQ LICENSES INTO THE FOLDER FOR REDHAT TO SCAN
+COPY --from=base /opt/bitnami /opt/bitnami
+RUN mkdir -p /licenses && chmod 0755 /licenses && cp -rf /opt/bitnami/rabbitmq/licenses/* /licenses
+
+RUN mkdir -p /opt/bitnami/rabbitmq/ && chown -R 0777 /opt/bitnami/rabbitmq/ && chown -R 1000721001:1000721001 /opt/bitnami/rabbitmq
+RUN mkdir -p /var/log/rabbitmq/log/ && chmod -R 0777 /var/log
+RUN mkdir -p /bitnami && chmod -R 0777 /bitnami
+ENV BITNAMI_APP_NAME="rabbitmq" \
+    LANG="en_US.UTF-8" \
+    LANGUAGE="en_US:en"
+
+EXPOSE 4369 5672 15672 25672
+
+USER 1000721001
+ENV PATH=/opt/bitnami/rabbitmq/sbin:$PATH
+RUN mkdir -p /opt/bitnami/rabbitmq/test
+ENTRYPOINT [ "/opt/bitnami/scripts/rabbitmq/entrypoint.sh" ]
+CMD [ "/opt/bitnami/scripts/rabbitmq/run.sh" ]

Diff for: customize-example/Dockerfile.redhat-ubi-pipelines-api

@@ -0,0 +1,50 @@
+ARG PIPELINES_BASE_VERSION
+
+FROM docker.bintray.io/jfrog/pipelines-api:${PIPELINES_BASE_VERSION} AS base
+
+# The new image based on registry.access.redhat.com/ubi
+FROM registry.access.redhat.com/ubi8/nodejs-10
+
+USER root
+
+LABEL name="JFrog Pipelines API" \
+      description="JFrog Pipelines API image based on the Red Hat Universal Base Image." \
+      vendor="JFrog" \
+      summary="JFrog Pipelines API (Red Hat UBI)" \
+      com.jfrog.license_terms="https://jfrog.com/platform/enterprise-plus-eula/"
+
+# Environment needed for Pipelines
+ENV JF_PIPELINES_USER=pipelines \
+    PIPELINES_USER_ID=1000721117 \
+    PIPELINES_VERSION=${PIPELINES_BASE_VERSION} \
+    JF_PRODUCT_HOME=/opt/jfrog/pipelines \
+    JF_PRODUCT_DATA_INTERNAL=/var/opt/jfrog/pipelines \
+    SERVICE_NAME=api \
+    APP_HOME_DIR=/opt/jfrog/pipelines/app/api \
+    LOG_DIR=/opt/jfrog/pipelines/var/log
+
+ENV LOG_DIR=/opt/jfrog/pipelines/var/log
+ENV NODE_PATH=/opt/jfrog/pipelines/app/node_modules
+ENV API_BIN_DIR /opt/jfrog/pipelines/app/api/bin
+
+# COPY IN PIPELINES FROM BASE IMAGE
+COPY --from=base /opt/jfrog/pipelines/app/api /opt/jfrog/pipelines/app/api
+
+# Add EULA information to meet the Red Hat container image certification requirements
+COPY entplus_EULA.txt /licenses/
+
+RUN mkdir -p /var/opt/jfrog && chmod 0777 /var/opt/jfrog
+
+RUN useradd -M -s /usr/sbin/nologin --uid ${PIPELINES_USER_ID} --user-group pipelines && \
+    chown -R ${PIPELINES_USER_ID}:${PIPELINES_USER_ID} /opt/jfrog/pipelines /var/opt/jfrog && \
+    yum install -y --disableplugin=subscription-manager wget && \
+    yum install -y --disableplugin=subscription-manager procps && \
+    yum install -y --disableplugin=subscription-manager net-tools && \
+    yum install -y --disableplugin=subscription-manager hostname
+
+RUN mkdir -p /opt/jfrog/pipelines/var/tmp
+RUN mkdir -p $LOG_DIR
+USER ${JF_PIPELINES_USER}
+WORKDIR /opt/jfrog/pipelines/app/api
+CMD ["node","api.app.js"]
+EXPOSE 30000

Diff for: customize-example/Dockerfile.redhat-ubi-pipelines-initcontainer

@@ -0,0 +1,30 @@
+# The new image based on registry.access.redhat.com/ubi
+FROM registry.access.redhat.com/ubi8
+
+USER root
+
+LABEL name="JFrog Pipelines Init Container" \
+      description="JFrog Pipelines Init Container image based on the Red Hat Universal Base Image." \
+      vendor="JFrog" \
+      summary="JFrog Pipelines Init Container (Red Hat UBI)" \
+      com.jfrog.license_terms="https://jfrog.com/platform/enterprise-plus-eula/"
+
+# install the necessary programs for the init container
+RUN yum install -y --disableplugin=subscription-manager nc
+RUN yum install -y --disableplugin=subscription-manager libcap libcap-ng
+# Add EULA information to meet the Red Hat container image certification requirements
+COPY entplus_EULA.txt /licenses/
+
+# Environment needed for Pipelines
+ENV JF_PIPELINES_USER=pipelines \
+    PIPELINES_USER_ID=1000721117
+
+RUN mkdir -p /home/${JF_PIPELINES_USER}
+RUN useradd -M -s /usr/sbin/nologin --uid ${PIPELINES_USER_ID} --user-group ${JF_PIPELINES_USER} && \
+    chown -R ${PIPELINES_USER_ID}:${PIPELINES_USER_ID} /home/${JF_PIPELINES_USER}
+
+USER ${JF_PIPELINES_USER}
+
+WORKDIR /home/${JF_PIPELINES_USER}
+
+ENTRYPOINT ["bash"]

Diff for: customize-example/Dockerfile.redhat-ubi-pipelines-installer

@@ -0,0 +1,60 @@
+ARG PIPELINES_BASE_VERSION
+
+FROM docker.bintray.io/jfrog/pipelines-installer:${PIPELINES_BASE_VERSION} AS base
+
+# The new image based on registry.access.redhat.com/ubi
+FROM registry.access.redhat.com/ubi8/nodejs-10
+
+USER root
+
+LABEL name="JFrog Pipelines Installer" \
+      description="JFrog Pipelines Installer image based on the Red Hat Universal Base Image." \
+      vendor="JFrog" \
+      summary="JFrog Pipelines Installer (Red Hat UBI)" \
+      com.jfrog.license_terms="https://jfrog.com/platform/enterprise-plus-eula/"
+
+# Environment needed for Pipelines
+ENV JF_PIPELINES_USER=pipelines \
+    PIPELINES_USER_ID=1000721117 \
+    PIPELINES_VERSION=${PIPELINES_BASE_VERSION} \
+    JF_PRODUCT_HOME=/opt/jfrog/pipelines \
+    JF_PRODUCT_DATA_INTERNAL=/var/opt/jfrog/pipelines
+
+ENV NODE_PATH /usr/local/lib/node_modules
+ENV TMP_DIR /opt/jfrog/pipelines/var/tmp
+ENV SRC_DIR /opt/jfrog/pipelines/installer
+ENV DEPENDENCIES /opt/jfrog/pipelines/dependencies
+
+# COPY IN PIPELINES FROM BASE IMAGE
+COPY --from=base /usr/local/lib /usr/local/lib
+COPY --from=base /opt/jfrog/pipelines/var/tmp /opt/jfrog/pipelines/var/tmp
+COPY --from=base /opt/jfrog/pipelines /opt/jfrog/pipelines
+
+# Add EULA information to meet the Red Hat container image certification requirements
+COPY entplus_EULA.txt /licenses/
+
+RUN mkdir -p /var/opt/jfrog && chmod 0777 /var/opt/jfrog
+RUN mkdir p /opt/jfrog/pipelines/var/etc/ && chmod 0777 /opt/jfrog/pipelines/var/etc/
+
+RUN useradd -M -s /usr/sbin/nologin --uid ${PIPELINES_USER_ID} --user-group pipelines && \
+    chown -R ${PIPELINES_USER_ID}:${PIPELINES_USER_ID} /opt/jfrog/pipelines /var/opt/jfrog && \
+    yum install -y --disableplugin=subscription-manager wget && \
+    yum install -y --disableplugin=subscription-manager procps && \
+    yum install -y --disableplugin=subscription-manager net-tools && \
+    yum install -y --disableplugin=subscription-manager https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && \
+    yum install -y --disableplugin=subscription-manager hostname python36 python3-pip nc
+
+RUN yum install -y --disableplugin=subscription-manager http://www6.atomicorp.com/channels/atomic/centos/7/x86_64/RPMS/atomic-release-1.0-21.el7.art.noarch.rpm && \
+    yum install -y --disableplugin=subscription-manager http://www6.atomicorp.com/channels/atomic/centos/7/x86_64/RPMS/oniguruma-5.9.5-3.el7.art.x86_64.rpm && \
+    yum install -y --disableplugin=subscription-manager http://www6.atomicorp.com/channels/atomic/centos/7/x86_64/RPMS/jq-1.5-1.el7.art.x86_64.rpm
+
+RUN wget https://github.com/mikefarah/yq/releases/download/3.4.0/yq_linux_amd64 -O /usr/bin/yq && chmod +x /usr/bin/yq
+
+# install psql
+RUN yum install -y --disableplugin=subscription-manager https://download.postgresql.org/pub/repos/yum/10/redhat/rhel-8-x86_64/postgresql10-libs-10.14-1PGDG.rhel8.x86_64.rpm && \
+    yum install -y --disableplugin=subscription-manager https://download.postgresql.org/pub/repos/yum/10/redhat/rhel-8-x86_64/postgresql10-10.14-1PGDG.rhel8.x86_64.rpm
+
+RUN mkdir -p /usr/local/bin && cp -rf /usr/bin/psql /usr/local/bin/psql
+USER ${JF_PIPELINES_USER}
+WORKDIR /opt/jfrog/pipelines/installer
+ENTRYPOINT ["/bin/bash", "execUtil.sh"]

Diff for: customize-example/Dockerfile.redhat-ubi-pipelines-k8snode

@@ -0,0 +1,89 @@
+ARG PIPELINES_BASE_VERSION
+
+FROM docker.bintray.io/jfrog/pipelines-api:${PIPELINES_BASE_VERSION} AS base
+FROM jfrog-docker-reg2.bintray.io/pipelines-node:1.4.2 AS base2
+
+# The new image based on registry.access.redhat.com/ubi
+FROM registry.access.redhat.com/ubi8
+
+USER root
+
+LABEL name="JFrog Pipelines K8s Node" \
+      description="JFrog Pipelines K8s Node image based on the Red Hat Universal Base Image." \
+      vendor="JFrog" \
+      summary="JFrog Pipelines K8s Node (Red Hat UBI)" \
+      com.jfrog.license_terms="https://jfrog.com/platform/enterprise-plus-eula/"
+
+# Set vars
+ENV DOCKER_VERSION=18.09.9
+ENV NODE_VERSION=10.19.0
+
+#RUN apt-get update && \
+#    apt-get install sudo grep jq tar curl python-minimal wget ca-certificates rsync vim -y
+
+
+RUN yum install -y --disableplugin=subscription-manager wget && \
+    yum install -y --disableplugin=subscription-manager procps && \
+    yum install -y --disableplugin=subscription-manager net-tools && \
+    yum install -y --disableplugin=subscription-manager hostname && \
+    yum install -y --disableplugin=subscription-manager https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm && \
+    yum install -y --disableplugin=subscription-manager sudo grep tar python36 ca-certificates rsync vim
+
+
+
+RUN wget -qO- https://raw.githubusercontent.com/nvm-sh/nvm/v0.36.0/install.sh | bash
+ENV NVM_DIR=/root/.nvm
+RUN . "$NVM_DIR/nvm.sh" && nvm install ${NODE_VERSION}
+RUN . "$NVM_DIR/nvm.sh" && nvm use v${NODE_VERSION}
+RUN . "$NVM_DIR/nvm.sh" && nvm alias default v${NODE_VERSION}
+RUN cp /root/.nvm/versions/node/v${NODE_VERSION}/bin/node /usr/bin/
+RUN cp /root/.nvm/versions/node/v${NODE_VERSION}/bin/npm /usr/bin/
+RUN /root/.nvm/versions/node/v${NODE_VERSION}/bin/npm install leasot@latest -g
+
+RUN curl -0 -L https://npmjs.com/install.sh | sh
+
+# Get files needed to run Build Plane node
+COPY --from=base /opt/jfrog/pipelines/app/api/bin/buildPlane-x86_64-RHEL_7.rpm /tmp/buildPlane-x86_64-RHEL_7.rpm
+COPY ./executeAffinityGroup_fix.js /tmp
+
+RUN yum localinstall -y --disableplugin=subscription-manager /tmp/buildPlane-x86_64-RHEL_7.rpm
+RUN mkdir -p /tmp/var/opt/jfrog/pipelines/reqKick/execute/
+RUN mkdir -p /jfrog-init
+RUN cat /tmp/executeAffinityGroup_fix.js >> /tmp/var/opt/jfrog/pipelines/reqKick/execute/executeAffinityGroup.js
+RUN sed -i '/function __restart(bag) {/,$d' /tmp/var/opt/jfrog/pipelines/reqKick/execute/executeAffinityGroup.js
+RUN cp -fr /tmp/var/opt/jfrog/pipelines/ /jfrog-init
+RUN rm -fr /tmp/var && rm -fr /tmp/*
+
+COPY --from=base2 /jfrog-init /jfrog-init
+
+# Install app dependencies
+RUN cd /jfrog-init/reqKick; npm install
+
+# Install docker client
+RUN wget https://download.docker.com/linux/static/stable/x86_64/docker-$DOCKER_VERSION.tgz -P /tmp/docker && \
+    tar -xzf /tmp/docker/docker-$DOCKER_VERSION.tgz --directory /opt && \
+    ln -s /opt/docker/docker /usr/bin/docker && \
+    rm -fr /tmp/docker
+
+
+# Install nodejs pm2 monitoring
+RUN npm install pm2 -g
+
+
+# Add EULA information to meet the Red Hat container image certification requirements
+COPY entplus_EULA.txt /licenses/
+
+# Environment needed for Pipelines
+ENV JF_PIPELINES_USER=pipelines \
+    PIPELINES_USER_ID=1000721117 \
+    PIPELINES_VERSION=${PIPELINES_BASE_VERSION}
+
+RUN mkdir -p /home/${JF_PIPELINES_USER}
+RUN useradd -M -s /usr/sbin/nologin --uid ${PIPELINES_USER_ID} --user-group pipelines && \
+    chown -R ${PIPELINES_USER_ID}:${PIPELINES_USER_ID} /jfrog-init /home/${JF_PIPELINES_USER}
+
+USER ${JF_PIPELINES_USER}
+
+
+WORKDIR /jfrog-init/reqKick
+CMD ["pm2-runtime", "/jfrog-init/reqKick/reqKick.app.js"]

Diff for: customize-example/Dockerfile.redhat-ubi-pipelines-micro

@@ -0,0 +1,53 @@
+ARG PIPELINES_BASE_VERSION
+
+FROM docker.bintray.io/jfrog/pipelines-micro:${PIPELINES_BASE_VERSION} AS base
+
+# The new image based on registry.access.redhat.com/ubi
+FROM registry.access.redhat.com/ubi8/nodejs-10
+
+USER root
+
+LABEL name="JFrog Pipelines Micro" \
+      description="JFrog Pipelines Micro image based on the Red Hat Universal Base Image." \
+      vendor="JFrog" \
+      summary="JFrog Pipelines Micro (Red Hat UBI)" \
+      com.jfrog.license_terms="https://jfrog.com/platform/enterprise-plus-eula/"
+
+# Environment needed for Pipelines
+ENV JF_PIPELINES_USER=pipelines \
+    PIPELINES_USER_ID=1000721117 \
+    PIPELINES_VERSION=${PIPELINES_BASE_VERSION} \
+    JF_PRODUCT_HOME=/opt/jfrog/pipelines \
+    JF_PRODUCT_DATA_INTERNAL=/var/opt/jfrog/pipelines \
+    SERVICE_NAME=www \
+    APP_HOME_DIR=/opt/jfrog/pipelines/app/www \
+    LOG_DIR=/opt/jfrog/pipelines/var/log \
+    NODE_PATH=/opt/jfrog/pipelines/app/node_modules \
+    EXEC_TEMPLATES_DIR=/opt/jfrog/pipelines/app/execTemplates \
+    HOME=/home \
+    OLDPWD=/home \
+    SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
+
+# COPY IN PIPELINES FROM BASE IMAGE
+COPY --from=base /opt/jfrog/pipelines /opt/jfrog/pipelines
+COPY --from=base /home /home
+COPY --from=base /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+# Add EULA information to meet the Red Hat container image certification requirements
+COPY entplus_EULA.txt /licenses/
+
+RUN mkdir -p /var/opt/jfrog && chmod 0777 /var/opt/jfrog
+
+RUN useradd -M -s /usr/sbin/nologin --uid ${PIPELINES_USER_ID} --user-group pipelines && \
+    chown -R ${PIPELINES_USER_ID}:${PIPELINES_USER_ID} /opt/jfrog/pipelines /var/opt/jfrog && \
+    yum install -y --disableplugin=subscription-manager wget && \
+    yum install -y --disableplugin=subscription-manager procps && \
+    yum install -y --disableplugin=subscription-manager net-tools && \
+    yum install -y --disableplugin=subscription-manager hostname
+
+RUN mkdir -p /opt/jfrog/pipelines/var/tmp
+RUN mkdir -p $LOG_DIR
+
+USER ${JF_PIPELINES_USER}
+WORKDIR /opt/jfrog/pipelines/app/micro/nexec
+CMD ["node","app.js"]
+EXPOSE 30001