Docker 2.0.0 Release
This release includes the following updates:
- Added a new Docker image based on RedHat Universal Base Image (UBI) and added support for running MarkLogic in rootless mode. (latest tags now point to UBI-rootless images)
- Added a new startup script to support running MarkLogic in rootless mode.
- Updated tagging strategy to exclude Docker release version from the tags.
- Updated the README to document the Docker image upgrade from root to rootless.
- Documented how to set the sysctl parameters when running containers.
- Updated Docker tests for new UBI/rootless images.
- Updated pipeline to build and test MarkLogic Docker images with RedHat Universal Base Image (UBI) as the base image.
- Added tests for upgrade and converter installation.
- Fixed bugs in startup logic to improve compatibility.
Known Issues and Limitations
CentOS base docker image
- The image must be run in privileged mode. At the moment, if the image isn't run as privileged, many calls that use sudo in the supporting script will fail due to lack of required permissions, as the image will not be able to create a user with the required permissions.
- Using the "leave" button in the Admin interface to remove a node from a cluster may not succeed, depending on your network configuration. Use the Management API to remove a node from a cluster. See: https://docs.marklogic.com/REST/DELETE/admin/v1/host-config.
- Rejoining a node to a cluster that it had previously left may not succeed.
- MarkLogic Server will default to the UTC timezone.
- The latest released version of CentOS 7 has known security vulnerabilities with respect to glib2 (CVE-2015-8387, CVE-2015-8390, CVE-2015-8394), glibc (CVE-2019-1010022), pcre (CVE-2015-8380, CVE-2015-8387, CVE-2015-8390, CVE-2015-8393, CVE-2015-8394), SQLite (CVE-2019-5827), nss (CVE-2014-3566), and bind-license (CVE-2023-6516, CVE-2023-5679, CVE-2023-5517, CVE-2023-50868, CVE-2023-50387, CVE-2023-4408). These libraries are included in the CentOS base image but, to date, no fixes have been made available. Even though these libraries may be present in the base image that is used by MarkLogic Server, they are not used by MarkLogic Server itself, hence there is no impact or mitigation required.
RedHat UBI base docker image
- The image must be run in privileged mode. If the image isn't run as privileged, the calls that use sudo in the startup script will fail due to lack of required permissions, as the image will not be able to create a user with the required permissions. To run in non-privileged mode, use one of the “rootless” image options.
- Using the "leave" button in the Admin interface to remove a node from a cluster may not succeed, depending on your network configuration. Use the Management API to remove a node from a cluster. See: https://docs.marklogic.com/REST/DELETE/admin/v1/host-config.
- Rejoining a node to a cluster that it had previously left may not succeed.
- MarkLogic Server will default to the UTC timezone.
- The latest released version of RedHat UBI 8 has known security vulnerabilities:
  - glibc (CVE-2019-1010022), which RedHat does not consider to be a vulnerability.
  - kernel-headers (CVE-2023-6546).
  - pip (GHSA-gpvv-69j7-gwj8) and setuptools (GHSA-r9hx-vwmv-q579).
  - less (CVE-2024-32487).

  These libraries are included in the RedHat UBI 8 base image but, to date, no fixes have been made available. Even though these libraries may be present in the base image that is used by MarkLogic Server, they are not used by MarkLogic Server itself, hence there is no impact or mitigation required.