From bba920fe872795dc707dff3e686e43cb82c48579 Mon Sep 17 00:00:00 2001 From: "Klippert, Alex" Date: Tue, 14 Nov 2023 13:54:17 +0100 Subject: [PATCH] revertback to redhat8 --- base/debian-10/Dockerfile | 26 -------- base/debian-10/install.sh | 100 ----------------------------- base/redhat-8/Dockerfile | 39 ++++++++++++ base/redhat-8/install.sh | 111 +++++++++++++++++++++++++++++++++ splunk/common-files/Dockerfile | 2 +- 5 files changed, 151 insertions(+), 127 deletions(-) delete mode 100644 base/debian-10/Dockerfile delete mode 100755 base/debian-10/install.sh create mode 100644 base/redhat-8/Dockerfile create mode 100755 base/redhat-8/install.sh diff --git a/base/debian-10/Dockerfile b/base/debian-10/Dockerfile deleted file mode 100644 index 428e36ae..00000000 --- a/base/debian-10/Dockerfile +++ /dev/null @@ -1,26 +0,0 @@ -# Copyright 2018-2021 Splunk -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -FROM debian:buster-slim -LABEL maintainer="support@splunk.com" - -ARG SCLOUD_URL -ENV SCLOUD_URL=${SCLOUD_URL} \ - DEBIAN_FRONTEND=noninteractive \ - PYTHON_VERSION=3.7.10 \ - PYTHON_GPG_KEY_ID=0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D - -COPY install.sh /install.sh -RUN /install.sh && rm -rf /install.sh -# \ No newline at end of file diff --git a/base/debian-10/install.sh b/base/debian-10/install.sh deleted file mode 100755 index 61dc8ca0..00000000 --- a/base/debian-10/install.sh +++ /dev/null @@ -1,100 +0,0 @@ -#!/bin/bash -# Copyright 2018-2021 Splunk -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -e - -# Generate UTF-8 char map and locale -apt-get update -y -apt-get install -y --no-install-recommends locales wget gnupg -echo "en_US.UTF-8 UTF-8" > /etc/locale.gen -rm -f /usr/share/locale/locale.alias -ln -s /etc/locale.alias /usr/share/locale/locale.alias -locale-gen -localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 -export LANG=en_US.utf8 - -# Set timezone to use UTC -ln -sf /usr/share/zoneinfo/UTC /etc/localtime -/usr/sbin/dpkg-reconfigure -f noninteractive tzdata - -# Install utility packages -apt-get install -y --no-install-recommends curl sudo libgssapi-krb5-2 busybox procps acl gcc make \ - libffi-dev libssl-dev make build-essential libbz2-dev \ - wget xz-utils ca-certificates zlib1g-dev python3-apt p11-kit liblz4-dev \ - libhogweed4=3.4.1-1+deb10u1 libgnutls30=3.6.7-4+deb10u7 libgcrypt20=1.8.4-5+deb10u1 - -# Install Python and necessary packages -PY_SHORT=${PYTHON_VERSION%.*} -wget -O /tmp/python.tgz https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz -wget -O /tmp/Python-gpg-sig-${PYTHON_VERSION}.tgz.asc https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz.asc -gpg --recv-keys $PYTHON_GPG_KEY_ID -gpg --verify /tmp/Python-gpg-sig-${PYTHON_VERSION}.tgz.asc /tmp/python.tgz -rm /tmp/Python-gpg-sig-${PYTHON_VERSION}.tgz.asc -mkdir -p /tmp/pyinstall -tar -xzC /tmp/pyinstall/ --strip-components=1 -f /tmp/python.tgz -rm /tmp/python.tgz -cd /tmp/pyinstall -./configure --enable-optimizations --prefix=/usr --with-ensurepip=install -make altinstall LDFLAGS="-Wl,--strip-all" -rm -rf /tmp/pyinstall -ln -sf /usr/bin/python${PY_SHORT} /usr/bin/python -ln -sf /usr/bin/pip${PY_SHORT} /usr/bin/pip -# For ansible apt module -cd /tmp -apt-get download python3-apt=1.8.4.3 -ARCH=`arch` -PKG_ARCH=`dpkg --print-architecture` -dpkg -x python3-apt_1.8.4.3_${PKG_ARCH}.deb python3-apt -rm python3-apt_1.8.4.3_${PKG_ARCH}.deb -cp -r /tmp/python3-apt/usr/lib/python3/dist-packages/* /usr/lib/python${PY_SHORT}/site-packages/ -cd /usr/lib/python${PY_SHORT}/site-packages/ -cp apt_pkg.cpython-37m-${ARCH}-linux-gnu.so apt_pkg.so -cp apt_inst.cpython-37m-${ARCH}-linux-gnu.so apt_inst.so -rm -rf /tmp/python3-apt -# Install splunk-ansible dependencies -cd / -pip -q --no-cache-dir install six wheel requests cryptography==3.3.2 ansible==3.4.0 urllib3==1.26.5 jmespath --upgrade -# Remove tests packaged in python libs -find /usr/lib/ -depth \( -type d -a -not -wholename '*/ansible/plugins/test' -a \( -name test -o -name tests -o -name idle_test \) \) -exec rm -rf '{}' \; -find /usr/lib/ -depth \( -type f -a -name '*.pyc' -o -name '*.pyo' -o -name '*.a' \) -exec rm -rf '{}' \; -find /usr/lib/ -depth \( -type f -a -name 'wininst-*.exe' \) -exec rm -rf '{}' \; -ldconfig - -apt-get remove -y --allow-remove-essential gcc libffi-dev libssl-dev make build-essential libbz2-dev xz-utils zlib1g-dev -apt-get autoremove -y --allow-remove-essential - -# Install scloud -wget -O /usr/bin/scloud.tar.gz ${SCLOUD_URL} -tar -xf /usr/bin/scloud.tar.gz -C /usr/bin/ -rm /usr/bin/scloud.tar.gz - -# Enable busybox symlinks -cd /bin -BBOX_LINKS=( clear find diff hostname killall netstat nslookup ping ping6 readline route syslogd tail traceroute vi ) -for item in "${BBOX_LINKS[@]}" -do - ln -s busybox $item || true -done -chmod u+s /bin/ping - -echo 'alias ll="ls --color -al"' >> /etc/bashrc -echo 'alias cs="clear;ls -lsh"' >> /etc/bashrc -echo 'alias ..="cd .."' >> /etc/bashrc -echo 'alias ...="cd ../.."' >> /etc/bashrc -echo 'alias splunk=/opt/splunk/bin/splunk' >> /etc/bashrc - -# Clean -apt clean autoclean -rm -rf /var/lib/apt/lists/* diff --git a/base/redhat-8/Dockerfile b/base/redhat-8/Dockerfile new file mode 100644 index 00000000..57706181 --- /dev/null +++ b/base/redhat-8/Dockerfile @@ -0,0 +1,39 @@ +# Copyright 2018-2021 Splunk +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# NOTE that since OpenShift Container Platform 3.11 +# the container catalog moved from registry.access.redhat.com to registry.redhat.io +# So at some point before they deprecate the old registry we have to make sure that +# we have access to the new registry and change where we pull the ubi image from. +FROM registry.access.redhat.com/ubi8/ubi-minimal + +LABEL name="splunk" \ + maintainer="support@splunk.com" \ + vendor="splunk" \ + release="1" \ + summary="UBI 8 Docker image of Splunk Enterprise" \ + description="Splunk Enterprise is a platform for operational intelligence. Our software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results." + +ARG BUSYBOX_URL + +ENV BUSYBOX_URL=${BUSYBOX_URL} \ + PYTHON_VERSION=3.7.16 \ + PYTHON_GPG_KEY_ID=0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D + +COPY install.sh /install.sh + +RUN mkdir /licenses \ + && curl -o /licenses/apache-2.0.txt https://www.apache.org/licenses/LICENSE-2.0.txt \ + && curl -o /licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf https://www.redhat.com/licenses/EULA_Red_Hat_Universal_Base_Image_English_20190422.pdf \ + && /install.sh && rm -rf /install.sh \ No newline at end of file diff --git a/base/redhat-8/install.sh b/base/redhat-8/install.sh new file mode 100755 index 00000000..896f8b09 --- /dev/null +++ b/base/redhat-8/install.sh @@ -0,0 +1,111 @@ +#!/bin/bash +# Copyright 2018-2021 Splunk +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -e + +# Generate UTF-8 char map and locale +# Reinstalling local English def for now, removed in minimal image: https://bugzilla.redhat.com/show_bug.cgi?id=1665251 +microdnf -y --nodocs install glibc-langpack-en + +# Currently there is no access to the UTF-8 char map. The following command is commented out until +# the base container can generate the locale. +# localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +# We get around the gen above by forcing the language install, and then pointing to it. +export LANG=en_US.utf8 + +# Install utility packages +microdnf -y --nodocs install wget sudo shadow-utils procps tar make gcc \ + openssl-devel bzip2-devel libffi-devel findutils \ + libssh-devel libcurl-devel glib2-devel ncurses-devel +# Patch security updates +microdnf -y --nodocs update gnutls kernel-headers libdnf librepo libnghttp2 nettle \ + libpwquality libxml2 systemd-libs lz4-libs curl \ + rpm rpm-libs sqlite-libs cyrus-sasl-lib vim expat \ + openssl-libs xz-libs zlib libsolv file-libs pcre \ + libarchive libgcrypt libksba libstdc++ json-c gnupg + +# Reinstall tzdata (originally stripped from minimal image): https://bugzilla.redhat.com/show_bug.cgi?id=1903219 +microdnf -y --nodocs reinstall tzdata || microdnf -y --nodocs update tzdata + +# Install Python and necessary packages +PY_SHORT=${PYTHON_VERSION%.*} +wget -O /tmp/python.tgz https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz +wget -O /tmp/Python-gpg-sig-${PYTHON_VERSION}.tgz.asc https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz.asc +gpg --keyserver keys.openpgp.org --recv-keys $PYTHON_GPG_KEY_ID \ + || gpg --keyserver pool.sks-keyservers.net --recv-keys $PYTHON_GPG_KEY_ID \ + || gpg --keyserver pgp.mit.edu --recv-keys $PYTHON_GPG_KEY_ID \ + || gpg --keyserver keyserver.pgp.com --recv-keys $PYTHON_GPG_KEY_ID +gpg --verify /tmp/Python-gpg-sig-${PYTHON_VERSION}.tgz.asc /tmp/python.tgz +rm /tmp/Python-gpg-sig-${PYTHON_VERSION}.tgz.asc +mkdir -p /tmp/pyinstall +tar -xzC /tmp/pyinstall/ --strip-components=1 -f /tmp/python.tgz +rm /tmp/python.tgz +cd /tmp/pyinstall +./configure --enable-optimizations --prefix=/usr --with-ensurepip=install +make altinstall LDFLAGS="-Wl,--strip-all" +rm -rf /tmp/pyinstall +ln -sf /usr/bin/python${PY_SHORT} /usr/bin/python +ln -sf /usr/bin/pip${PY_SHORT} /usr/bin/pip + +# Install splunk-ansible dependencies +cd / +/usr/bin/python3.7 -m pip install --upgrade pip +pip -q --no-cache-dir install --upgrade six wheel requests Mako urllib3 certifi jmespath future avro cryptography lxml protobuf setuptools ansible + +# Remove tests packaged in python libs +find /usr/lib/ -depth \( -type d -a -not -wholename '*/ansible/plugins/test' -a \( -name test -o -name tests -o -name idle_test \) \) -exec rm -rf '{}' \; +find /usr/lib/ -depth \( -type f -a -name '*.pyc' -o -name '*.pyo' -o -name '*.a' \) -exec rm -rf '{}' \; +find /usr/lib/ -depth \( -type f -a -name 'wininst-*.exe' \) -exec rm -rf '{}' \; +ldconfig + +# Cleanup +microdnf remove -y make gcc openssl-devel bzip2-devel findutils glib2-devel glibc-devel cpp binutils \ + keyutils-libs-devel krb5-devel libcom_err-devel libffi-devel libcurl-devel \ + libselinux-devel libsepol-devel libssh-devel libverto-devel libxcrypt-devel \ + ncurses-devel pcre2-devel zlib-devel +microdnf clean all + +# Install busybox direct from the multiarch since EPEL isn't available yet for redhat8 +BUSYBOX_URL=${BUSYBOX_URL:=https://busybox.net/downloads/binaries/1.35.0-`arch`-linux-musl/busybox} +wget -O /bin/busybox ${BUSYBOX_URL} +chmod +x /bin/busybox + +# Enable busybox symlinks +cd /bin +BBOX_LINKS=( clear find diff hostname killall netstat nslookup ping ping6 readline route syslogd tail traceroute vi ) +for item in "${BBOX_LINKS[@]}" +do + ln -s busybox $item || true +done +chmod u+s /bin/ping +groupadd -g 815 sudo + +echo " +## Allows people in group sudo to run all commands +%sudo ALL=(ALL) ALL" >> /etc/sudoers + +echo " +## Allow splunk in group sudo to run all commands +splunk ALL=NOPASSWD:ALL" >> /etc/sudoers + +echo 'alias ll="ls --color -al"' >> /etc/bashrc +echo 'alias cs="clear;ls -lsh"' >> /etc/bashrc +echo 'alias ..="cd .."' >> /etc/bashrc +echo 'alias ...="cd ../.."' >> /etc/bashrc +echo 'alias splunk=/opt/splunk/bin/splunk' >> /etc/bashrc + +# Clean +microdnf clean all +rm -rf /install.sh /anaconda-post.log /var/log/anaconda/* \ No newline at end of file diff --git a/splunk/common-files/Dockerfile b/splunk/common-files/Dockerfile index 01d12e1a..4050ccfb 100644 --- a/splunk/common-files/Dockerfile +++ b/splunk/common-files/Dockerfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -ARG SPLUNK_BASE_IMAGE=base-debian-10 +ARG SPLUNK_BASE_IMAGE=redhat-8 # # # Download and unpack Splunk Enterprise