Add UBI Dockerfiles and put the old alpine ones back

Signed-off-by: Tom George <[email protected]>
che-incubator · Jan 14, 2021 · a6f59ce · a6f59ce
1 parent 51a3375
commit a6f59ce
Show file tree

Hide file tree

Showing 4 changed files with 144 additions and 35 deletions.
diff --git a/dockerfiles/agent/Dockerfile b/dockerfiles/agent/Dockerfile
@@ -1,48 +1,55 @@
-FROM registry.redhat.io/ubi8/ubi-minimal
+#!/bin/bash
+#
+# Copyright (c) 2019-2020 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+
+FROM alpine:3.11
 
 ENV USER=user \
     UID=12345 \
-    GROUP=group \
     GID=23456
 
-ADD content_sets_centos8.repo /etc/yum.repos.d/
-
 #cron task not work in openshift in case https://github.com/gliderlabs/docker-alpine/issues/381
 #so will used  supercronic https://github.com/aptible/supercronic
 ENV SUPERCRONIC_URL=https://github.com/aptible/supercronic/releases/download/v0.1.9/supercronic-linux-amd64 \
     SUPERCRONIC=supercronic-linux-amd64 \
     SUPERCRONIC_SHA1SUM=5ddf8ea26b56d4a7ff6faecdd8966610d5cb9d85
 
 COPY cron/backup-cron-job /etc/crontabs/backup-cron-job
-COPY scripts /scripts
-#
+COPY scripts scripts
+
 # Add user that will be able to start watcher binary but nothing more
 # the result will be propagated then into scratch image
 # See https://stackoverflow.com/a/55757473/12429735RUN
-#
-RUN microdnf update -y \ 
-      && microdnf install -y \
-      shadow-utils \
-      rsync \
-      curl \
-      openssh \
-      openssh-clients \
-      ca-certificates \
-      && microdnf clean all \
-      && rm -rf /var/cache/yum \
-      && groupadd -g "$GID" "$GROUP" \ 
-      && useradd  --uid "$UID" \
-         --comment "" \
-         --home-dir "$(pwd)" \
-         --no-create-home \
-         "$USER" \
+RUN addgroup --gid "$GID" "$USER" \
+       && adduser \
+       --disabled-password \
+       --gecos "" \
+       --home "$(pwd)" \
+       --ingroup "$USER" \
+       --no-create-home \
+       --uid "$UID" \
+       "$USER" \
       && mkdir  /var/run/sshd && \
       # Change permissions to let any arbitrary user
       for f in  "/etc/passwd" "/var/run/sshd" "/scripts"; do \
         echo "Changing permissions on ${f}" && chgrp -R 0 ${f} && \
         chmod -R g+rwX ${f}; \
-      done  \
-      && update-ca-trust \
+      done \
+      # install needed software
+      && apk update \
+      && apk upgrade \
+      && apk add --no-cache \
+            rsync \
+            curl \
+            openssh \
+            ca-certificates \
+      && update-ca-certificates \
+      && rm -rf /var/cache/apk/* \
       #install supercronic
       && curl -fsSLO "$SUPERCRONIC_URL" \
       && echo "${SUPERCRONIC_SHA1SUM}  ${SUPERCRONIC}" | sha1sum -c - \

diff --git a/dockerfiles/agent/ubi.Dockerfile b/dockerfiles/agent/ubi.Dockerfile
@@ -0,0 +1,66 @@
+# Copyright (c) 2019-2020 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+
+# https://access.redhat.com/containers/?tab=tags#/registry.access.redhat.com/ubi8-minimal
+FROM registry.redhat.io/ubi8/ubi-minimal:8.3-230
+
+ENV USER=user \
+    UID=12345 \
+    GROUP=group \
+    GID=23456
+
+ADD content_sets_centos8.repo /etc/yum.repos.d/
+
+#cron task not work in openshift in case https://github.com/gliderlabs/docker-alpine/issues/381
+#so will used  supercronic https://github.com/aptible/supercronic
+ENV SUPERCRONIC_URL=https://github.com/aptible/supercronic/releases/download/v0.1.9/supercronic-linux-amd64 \
+    SUPERCRONIC=supercronic-linux-amd64 \
+    SUPERCRONIC_SHA1SUM=5ddf8ea26b56d4a7ff6faecdd8966610d5cb9d85
+
+COPY cron/backup-cron-job /etc/crontabs/backup-cron-job
+COPY scripts /scripts
+#
+# Add user that will be able to start watcher binary but nothing more
+# the result will be propagated then into scratch image
+# See https://stackoverflow.com/a/55757473/12429735RUN
+#
+RUN microdnf update -y \ 
+      && microdnf install -y \
+      shadow-utils \
+      rsync \
+      curl \
+      openssh \
+      openssh-clients \
+      ca-certificates \
+      && microdnf clean all \
+      && rm -rf /var/cache/yum \
+      && groupadd -g "$GID" "$GROUP" \ 
+      && useradd  --uid "$UID" \
+         --comment "" \
+         --home-dir "$(pwd)" \
+         --no-create-home \
+         "$USER" \
+      && mkdir  /var/run/sshd && \
+      # Change permissions to let any arbitrary user
+      for f in  "/etc/passwd" "/var/run/sshd" "/scripts"; do \
+        echo "Changing permissions on ${f}" && chgrp -R 0 ${f} && \
+        chmod -R g+rwX ${f}; \
+      done  \
+      && update-ca-trust \
+      #install supercronic
+      && curl -fsSLO "$SUPERCRONIC_URL" \
+      && echo "${SUPERCRONIC_SHA1SUM}  ${SUPERCRONIC}" | sha1sum -c - \
+      && chmod +x "$SUPERCRONIC" \
+      && mv "$SUPERCRONIC" "/usr/local/bin/${SUPERCRONIC}" \
+      && ln -s "/usr/local/bin/${SUPERCRONIC}" /usr/local/bin/supercronic \
+      # change permissions 
+      && chmod +x /scripts/* \
+      && chmod 0644 /etc/crontabs/backup-cron-job \
+      && sed -i s/root:!/"root:*"/g /etc/shadow
+
+EXPOSE 4445
+ENTRYPOINT [ "/scripts/entrypoint.sh" ]
diff --git a/dockerfiles/storage/Dockerfile b/dockerfiles/storage/Dockerfile
@@ -7,26 +7,25 @@
 #
 # SPDX-License-Identifier: EPL-2.0
 
-FROM registry.redhat.io/ubi8/ubi-minimal:8.3
+FROM alpine:3.11
 
-ADD content_sets_centos8.repo /etc/yum.repos.d/
 COPY  entrypoint.sh /usr/local/bin
 
 RUN mkdir /etc/ssh /var/run/sshd /.ssh \
-    && microdnf update -y \
-    && microdnf install -y \
-            rsync \
-            openssh-server \
-            ca-certificates \
-            passwd \
     && touch /.ssh/known_hosts \
-    && rm -rf /var/cache/yum /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_dsa_key \
     # Change permissions to let any arbitrary user
     && for f in  "/etc/ssh" "/etc/passwd" "/.ssh" "/var/run/sshd" ; do \
         echo "Changing permissions on ${f}" && chgrp -R 0 ${f} && \
         chmod -R g+rwX ${f}; \
        done \
-    && update-ca-trust \
+    && apk update \
+    && apk upgrade \
+    && apk add --no-cache \
+            rsync \
+            openssh \
+            ca-certificates \
+    && update-ca-certificates \
+    && rm -rf /var/cache/apk/* /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_dsa_key \
     && chmod 0550 /.ssh \
     && chmod 0777 /.ssh/known_hosts \
     && sed -i s/root:!/"root:*"/g /etc/shadow \

diff --git a/dockerfiles/storage/ubi.Dockerfile b/dockerfiles/storage/ubi.Dockerfile
@@ -0,0 +1,37 @@
+# Copyright (c) 2019-2020 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+# 
+
+# https://access.redhat.com/containers/?tab=tags#/registry.access.redhat.com/ubi8-minimal
+FROM registry.redhat.io/ubi8/ubi-minimal:8.3-230
+
+ADD content_sets_centos8.repo /etc/yum.repos.d/
+COPY  entrypoint.sh /usr/local/bin
+
+RUN mkdir /etc/ssh /var/run/sshd /.ssh \
+    && microdnf update -y \
+    && microdnf install -y \
+            rsync \
+            openssh-server \
+            ca-certificates \
+            passwd \
+    && touch /.ssh/known_hosts \
+    && rm -rf /var/cache/yum /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_dsa_key \
+    # Change permissions to let any arbitrary user
+    && for f in  "/etc/ssh" "/etc/passwd" "/.ssh" "/var/run/sshd" ; do \
+        echo "Changing permissions on ${f}" && chgrp -R 0 ${f} && \
+        chmod -R g+rwX ${f}; \
+       done \
+    && update-ca-trust \
+    && chmod 0550 /.ssh \
+    && chmod 0777 /.ssh/known_hosts \
+    && sed -i s/root:!/"root:*"/g /etc/shadow \
+    && chmod +x /usr/local/bin/entrypoint.sh
+
+COPY sshd_config /etc/ssh/sshd_config
+EXPOSE 2222
+ENTRYPOINT [ "/usr/local/bin/entrypoint.sh" ]