diff --git a/dockerfiles/agent/Dockerfile b/dockerfiles/agent/Dockerfile index 62be454..f2bf742 100644 --- a/dockerfiles/agent/Dockerfile +++ b/dockerfiles/agent/Dockerfile @@ -7,10 +7,11 @@ # # SPDX-License-Identifier: EPL-2.0 -FROM alpine:3.11 +FROM registry.redhat.io/ubi8/ubi:8.3 ENV USER=user \ UID=12345 \ + GROUP=group \ GID=23456 #cron task not work in openshift in case https://github.com/gliderlabs/docker-alpine/issues/381 @@ -20,36 +21,35 @@ ENV SUPERCRONIC_URL=https://github.com/aptible/supercronic/releases/download/v0. SUPERCRONIC_SHA1SUM=5ddf8ea26b56d4a7ff6faecdd8966610d5cb9d85 COPY cron/backup-cron-job /etc/crontabs/backup-cron-job -COPY scripts scripts +COPY scripts /scripts +COPY content_sets_centos8.repo /etc/yum.repos.d/ # Add user that will be able to start watcher binary but nothing more # the result will be propagated then into scratch image # See https://stackoverflow.com/a/55757473/12429735RUN -RUN addgroup --gid "$GID" "$USER" \ - && adduser \ - --disabled-password \ - --gecos "" \ - --home "$(pwd)" \ - --ingroup "$USER" \ - --no-create-home \ - --uid "$UID" \ - "$USER" \ +# +RUN dnf update -y \ + && dnf install -y \ + shadow-utils \ + rsync \ + curl \ + openssh-clients \ + ca-certificates \ + && dnf clean all \ + && rm -rf /var/cache/yum \ + && groupadd -g "$GID" "$GROUP" \ + && useradd --uid "$UID" \ + --comment "" \ + --home-dir "$(pwd)" \ + --no-create-home \ + "$USER" \ && mkdir /var/run/sshd && \ # Change permissions to let any arbitrary user for f in "/etc/passwd" "/var/run/sshd" "/scripts"; do \ echo "Changing permissions on ${f}" && chgrp -R 0 ${f} && \ chmod -R g+rwX ${f}; \ - done \ - # install needed software - && apk update \ - && apk upgrade \ - && apk add --no-cache \ - rsync \ - curl \ - openssh \ - ca-certificates \ - && update-ca-certificates \ - && rm -rf /var/cache/apk/* \ + done \ + && update-ca-trust \ #install supercronic && curl -fsSLO "$SUPERCRONIC_URL" \ && echo "${SUPERCRONIC_SHA1SUM} ${SUPERCRONIC}" | sha1sum -c - \ diff --git a/dockerfiles/agent/content_sets_centos8.repo b/dockerfiles/agent/content_sets_centos8.repo new file mode 100644 index 0000000..4d72fcc --- /dev/null +++ b/dockerfiles/agent/content_sets_centos8.repo @@ -0,0 +1,11 @@ +[centos-8-for-appstream] +name=centos-8-appstream +baseurl=http://mirror.centos.org/centos-8/8/AppStream/$basearch/os +enabled=1 +gpgcheck=0 + +[centos-8-for-baseos] +name=centos-8-baseos +baseurl=http://mirror.centos.org/centos-8/8/BaseOS/$basearch/os +enabled=1 +gpgcheck=0 diff --git a/dockerfiles/storage/Dockerfile b/dockerfiles/storage/Dockerfile index 278d0e6..2b185d1 100644 --- a/dockerfiles/storage/Dockerfile +++ b/dockerfiles/storage/Dockerfile @@ -7,25 +7,26 @@ # # SPDX-License-Identifier: EPL-2.0 -FROM alpine:3.11 +FROM registry.redhat.io/ubi8/ubi:8.3 +ADD content_sets_centos8.repo /etc/yum.repos.d/ COPY entrypoint.sh /usr/local/bin RUN mkdir /etc/ssh /var/run/sshd /.ssh \ + && dnf update -y \ + && dnf install -y \ + rsync \ + openssh-server \ + ca-certificates \ + passwd \ && touch /.ssh/known_hosts \ + && rm -rf /var/cache/yum /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_dsa_key \ # Change permissions to let any arbitrary user && for f in "/etc/ssh" "/etc/passwd" "/.ssh" "/var/run/sshd" ; do \ echo "Changing permissions on ${f}" && chgrp -R 0 ${f} && \ chmod -R g+rwX ${f}; \ done \ - && apk update \ - && apk upgrade \ - && apk add --no-cache \ - rsync \ - openssh \ - ca-certificates \ - && update-ca-certificates \ - && rm -rf /var/cache/apk/* /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_dsa_key \ + && update-ca-trust \ && chmod 0550 /.ssh \ && chmod 0777 /.ssh/known_hosts \ && sed -i s/root:!/"root:*"/g /etc/shadow \ diff --git a/dockerfiles/storage/content_sets_centos8.repo b/dockerfiles/storage/content_sets_centos8.repo new file mode 100644 index 0000000..4d72fcc --- /dev/null +++ b/dockerfiles/storage/content_sets_centos8.repo @@ -0,0 +1,11 @@ +[centos-8-for-appstream] +name=centos-8-appstream +baseurl=http://mirror.centos.org/centos-8/8/AppStream/$basearch/os +enabled=1 +gpgcheck=0 + +[centos-8-for-baseos] +name=centos-8-baseos +baseurl=http://mirror.centos.org/centos-8/8/BaseOS/$basearch/os +enabled=1 +gpgcheck=0