From 70e40c08d69050f499d9de641a94946aed9b4b0e Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Wed, 30 Oct 2024 15:42:25 +0530 Subject: [PATCH 01/49] add trimmed down dockerfile --- base/Docker-refresh | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 base/Docker-refresh diff --git a/base/Docker-refresh b/base/Docker-refresh new file mode 100644 index 0000000000..ae953d7545 --- /dev/null +++ b/base/Docker-refresh @@ -0,0 +1,32 @@ +ARG MICRODIR=/microdir +ARG PACKAGES_TO_INSTALL="temurin-17-jre shadow-utils" + +FROM registry.access.redhat.com/ubi8 AS BUILD +ARG MICRODIR +ARG PACKAGES_TO_INSTALL +RUN mkdir ${MICRODIR} + +RUN printf "[temurin-jre] \n\ +name=temurin-jre \n\ +baseurl=https://packages.adoptium.net/artifactory/rpm/rhel/\$releasever/\$basearch \n\ +enabled=1 \n\ +gpgcheck=1 \n\ +gpgkey=https://packages.adoptium.net/artifactory/api/gpg/key/public \n\ +" > /etc/yum.repos.d/adoptium.repo + +RUN yum --nodocs install -y --setopt=install_weak_deps=False ${PACKAGES_TO_INSTALL} + +RUN yum clean all + +FROM registry.access.redhat.com/ubi8-micro AS REFRESH +ARG MICRODIR +COPY --from=BUILD /usr/lib/jvm/temurin-17-jre/ ${MICRODIR}/jre/ + +ENV PATH="${MICRODIR}/jre/bin:${PATH}" + +RUN echo "appuser:x:1001:1001::/home/appuser:/bin/sh" >> /etc/passwd && \ + mkdir -p /home/appuser && \ + chown 1001:1001 /home/appuser + +USER appuser +WORKDIR /home/appuser From 2541a910ba8756f9fd54d3b098119f830d63f701 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Wed, 6 Nov 2024 12:11:12 +0530 Subject: [PATCH 02/49] add docker refresh module --- pom.xml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pom.xml b/pom.xml index ae82f30b12..f568f634bb 100644 --- a/pom.xml +++ b/pom.xml @@ -21,6 +21,7 @@ utility-belt docker-utils + refresh base base-lite jmxterm @@ -34,6 +35,7 @@ 7.9.0-0 8.10-1086 + 8.10-13 3.0.9 From 409bb4c7846f73e2cf24929a56633aa4f69ec4d1 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Wed, 6 Nov 2024 12:11:36 +0530 Subject: [PATCH 03/49] copy binaries from cp-base-new --- .../include/etc/confluent/docker/bash-config | 23 +++++++++++++++ .../etc/confluent/docker/mesos-setup.sh | 27 ++++++++++++++++++ .../include/etc/cp-base-new/log4j.properties | 28 +++++++++++++++++++ 3 files changed, 78 insertions(+) create mode 100644 refresh/include/etc/confluent/docker/bash-config create mode 100644 refresh/include/etc/confluent/docker/mesos-setup.sh create mode 100644 refresh/include/etc/cp-base-new/log4j.properties diff --git a/refresh/include/etc/confluent/docker/bash-config b/refresh/include/etc/confluent/docker/bash-config new file mode 100644 index 0000000000..43c08d9b50 --- /dev/null +++ b/refresh/include/etc/confluent/docker/bash-config @@ -0,0 +1,23 @@ +# +# Copyright 2018 Confluent Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -o nounset \ + -o errexit + +# Trace may expose passwords/credentials by printing them to stdout, so turn on with care. +if [ "${TRACE:-}" == "true" ]; then + set -o verbose \ + -o xtrace +fi diff --git a/refresh/include/etc/confluent/docker/mesos-setup.sh b/refresh/include/etc/confluent/docker/mesos-setup.sh new file mode 100644 index 0000000000..b3874daf6d --- /dev/null +++ b/refresh/include/etc/confluent/docker/mesos-setup.sh @@ -0,0 +1,27 @@ +#!/usr/bin/env bash + +set +o nounset + +if [ -z $SKIP_MESOS_AUTO_SETUP ]; then + if [ -n $MESOS_SANDBOX ] && [ -e $MESOS_SANDBOX/.ssl/scheduler.crt ] && [ -e $MESOS_SANDBOX/.ssl/scheduler.key ]; then + echo "Entering Mesos auto setup for Java SSL truststore. You should not see this if you are not on mesos ..." + + openssl pkcs12 -export -in $MESOS_SANDBOX/.ssl/scheduler.crt -inkey $MESOS_SANDBOX/.ssl/scheduler.key \ + -out /tmp/keypair.p12 -name keypair \ + -CAfile $MESOS_SANDBOX/.ssl/ca-bundle.crt -caname root -passout pass:export + + keytool -importkeystore \ + -deststorepass changeit -destkeypass changeit -destkeystore /tmp/kafka-keystore.jks \ + -srckeystore /tmp/keypair.p12 -srcstoretype PKCS12 -srcstorepass export \ + -alias keypair + + keytool -import \ + -trustcacerts \ + -alias root \ + -file $MESOS_SANDBOX/.ssl/ca-bundle.crt \ + -storepass changeit \ + -keystore /tmp/kafka-truststore.jks -noprompt + fi +fi + +set -o nounset diff --git a/refresh/include/etc/cp-base-new/log4j.properties b/refresh/include/etc/cp-base-new/log4j.properties new file mode 100644 index 0000000000..40fd0b7329 --- /dev/null +++ b/refresh/include/etc/cp-base-new/log4j.properties @@ -0,0 +1,28 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +log4j.rootLogger=OFF + +# Only log errors from Kafka and ZKClient +log4j.logger.org.apache.kafka=ERROR +log4j.logger.org.I0Itec.zkclient.ZkClient=ERROR + +# Log informational messages from the CLI and Zookeeper +log4j.logger.io.confluent.admin.utils=INFO, stderr +log4j.logger.org.apache.zookeeper=INFO, stderr +# STDERR Appender +log4j.appender.stderr=org.apache.log4j.ConsoleAppender +log4j.appender.stderr.layout=org.apache.log4j.PatternLayout +log4j.appender.stderr.Target=System.err +log4j.appender.stderr.layout.ConversionPattern=%m%n From 169acaec1a539da75c5ca5ce49900c978712f84d Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Wed, 6 Nov 2024 12:12:13 +0530 Subject: [PATCH 04/49] create dockerfile with jre and ubi-micro --- refresh/Dockerfile.ubi8 | 53 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 refresh/Dockerfile.ubi8 diff --git a/refresh/Dockerfile.ubi8 b/refresh/Dockerfile.ubi8 new file mode 100644 index 0000000000..dfecc6862a --- /dev/null +++ b/refresh/Dockerfile.ubi8 @@ -0,0 +1,53 @@ +ARG MICRODIR=/microdir +ARG UBI_MICRO_VERSION=8.10-13 +ARG TEMURIN_JDK_VERSION="17.0.13.0.0.11-2" +FROM registry.access.redhat.com/ubi8 AS BUILD + +RUN printf "[temurin-jre] \n\ +name=temurin-jre \n\ +baseurl=https://packages.adoptium.net/artifactory/rpm/rhel/\$releasever/\$basearch \n\ +enabled=1 \n\ +gpgcheck=1 \n\ +gpgkey=https://packages.adoptium.net/artifactory/api/gpg/key/public \n\ +" > /etc/yum.repos.d/adoptium.repo +RUN echo "installing temurin-17-jre:${TEMURIN_JDK_VERSION}" +RUN yum --nodocs install -y --setopt=install_weak_deps=False temurin-17-jre + +RUN yum clean all + +FROM registry.access.redhat.com/ubi8-micro:${UBI_MICRO_VERSION} AS REFRESH +ARG PROJECT_VERSION +ARG ARTIFACT_ID + +# Remember where we came from +LABEL io.confluent.docker.git.repo="confluentinc/common-docker" + +ARG GIT_COMMIT +LABEL io.confluent.docker.git.id=$GIT_COMMIT + +ARG BUILD_NUMBER=-1 +LABEL io.confluent.docker.build.number=$BUILD_NUMBER + +LABEL maintainer="tools@confluent.io" +LABEL vendor="Confluent" +LABEL version=$GIT_COMMIT +LABEL release=$PROJECT_VERSION +LABEL name=$ARTIFACT_ID +LABEL summary="Common base image for new Confluent lightweight Docker images." +LABEL description="Common base image for Confluent lightweight Docker images." +LABEL io.confluent.docker=true +# This affects how strings in Java class files are interpreted. We want UTF-8 and this is the only locale in the +# base image that supports it +ENV LANG="C.UTF-8" + +#ARG MICRODIR +COPY --from=BUILD /usr/lib/jvm/temurin-17-jre/ . + +ENV PATH="jre/bin:${PATH}" + +RUN echo "appuser:x:1001:1001::/home/appuser:/bin/sh" >> /etc/passwd && \ + mkdir -p /home/appuser && \ + chown 1001:1001 /home/appuser + +USER appuser +WORKDIR /home/appuser From f3c7fbf1160586692bb1df0704e172274bd5a658 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Wed, 6 Nov 2024 12:12:30 +0530 Subject: [PATCH 05/49] add mvn build --- refresh/pom.xml | 120 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 120 insertions(+) create mode 100644 refresh/pom.xml diff --git a/refresh/pom.xml b/refresh/pom.xml new file mode 100644 index 0000000000..958459fb17 --- /dev/null +++ b/refresh/pom.xml @@ -0,0 +1,120 @@ + + + + + 4.0.0 + + + io.confluent + common-docker + 7.9.0-0 + + + pom + + cp-base-refresh + + Refreshed Base for Confluent Docker images + ${project.artifactId} + + + false + false + true + + + + + io.confluent + utility-belt + ${io.confluent.common-docker.version} + + + junit + junit + ${junit.version} + test + + + + + + + maven-resources-plugin + ${maven-resources-plugin.version} + + + copy-resources + compile + + copy-resources + + + true + target + + + ${basedir}/../docker-utils/target + + docker-utils-${CONFLUENT_VERSION}-jar-with-dependencies.jar + + + + + + + + + com.spotify + dockerfile-maven-plugin + + + ${ubi.image.version} + ${ubi.micro.image.version} + -${ubi.temurin.jdk.version} + ${docker.skip-security-update-check} + ${golang.version} + + + + + io.fabric8 + docker-maven-plugin + 0.43.4 + + + + + + ${ubi.image.version} + ${ubi.micro.image.version} + -${ubi.temurin.jdk.version} + + ${docker.skip-security-update-check} + + ${golang.version} + + + + + + + + + From 529ac038faca92326408b18e7c7c633046517584 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Wed, 6 Nov 2024 15:24:40 +0530 Subject: [PATCH 06/49] minor fix to env var --- refresh/Dockerfile.ubi8 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/refresh/Dockerfile.ubi8 b/refresh/Dockerfile.ubi8 index dfecc6862a..218275714c 100644 --- a/refresh/Dockerfile.ubi8 +++ b/refresh/Dockerfile.ubi8 @@ -41,9 +41,9 @@ LABEL io.confluent.docker=true ENV LANG="C.UTF-8" #ARG MICRODIR -COPY --from=BUILD /usr/lib/jvm/temurin-17-jre/ . +COPY --from=BUILD /usr/lib/jvm/temurin-17-jre/ usr/lib -ENV PATH="jre/bin:${PATH}" +ENV PATH="/usr/lib/bin:${PATH}" RUN echo "appuser:x:1001:1001::/home/appuser:/bin/sh" >> /etc/passwd && \ mkdir -p /home/appuser && \ From b104644b8c455182a32912a5c37b8d1a3ed1cdb4 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Wed, 6 Nov 2024 15:41:54 +0530 Subject: [PATCH 07/49] add remaining files --- refresh/requirements.txt | 1 + refresh/setup.py | 23 ++++++++++++++++++++++ refresh/tox.ini | 41 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 65 insertions(+) create mode 100644 refresh/requirements.txt create mode 100644 refresh/setup.py create mode 100644 refresh/tox.ini diff --git a/refresh/requirements.txt b/refresh/requirements.txt new file mode 100644 index 0000000000..879b1e1d13 --- /dev/null +++ b/refresh/requirements.txt @@ -0,0 +1 @@ +git+https://github.com/confluentinc/confluent-docker-utils@v0.0.96 diff --git a/refresh/setup.py b/refresh/setup.py new file mode 100644 index 0000000000..9c69fc03cc --- /dev/null +++ b/refresh/setup.py @@ -0,0 +1,23 @@ +from setuptools import setup + + +setup( + name='common-tests', + version='4.1.0', + + author="Confluent, Inc.", + + description='Docker image tests', + + url="https://github.com/confluentinc/common", + + dependency_links=open('requirements.txt').read().split("\n"), + + packages=['test'], + + include_package_data=True, + + python_requires='>=2.7', + setup_requires=['setuptools-git'], + +) diff --git a/refresh/tox.ini b/refresh/tox.ini new file mode 100644 index 0000000000..af5b6fe10e --- /dev/null +++ b/refresh/tox.ini @@ -0,0 +1,41 @@ +[tox] +envlist = test +toxworkdir = /var/tmp + +[testenv] +deps = + -rrequirements.txt + flake8 + pytest == 4.6.4 + pytest-xdist == 1.29.0 + pytest-cov == 2.7.1 + sphinx!=1.2b2,<2.0.0 +install_command = pip install -U {packages} +recreate = True +skipsdist = True +usedevelop = True +setenv = + PIP_PROCESS_DEPENDENCY_LINKS=1 + PIP_DEFAULT_TIMEOUT=60 + ARCHFLAGS=-Wno-error=unused-command-line-argument-hard-error-in-future +basepython = python +envdir = {toxworkdir}/confluent + +[testenv:test] +commands = + py.test --color=no {env:PYTESTARGS:} test + +[testenv:style] +commands = + flake8 --config tox.ini + +[testenv:cover] +commands = + py.test {env:PYTESTARGS:} --cov . --cov-report=xml --cov-report=html --cov-report=term test + +[flake8] +ignore = E111,E121,W292,E123,E226 +max-line-length = 160 + +[pytest] +addopts = -n 1 From d1014b9f4ddee310bffb436f3eb20d7a2e0d8a44 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Wed, 6 Nov 2024 16:00:31 +0530 Subject: [PATCH 08/49] add tests --- refresh/test/test_refresh_image.py | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 refresh/test/test_refresh_image.py diff --git a/refresh/test/test_refresh_image.py b/refresh/test/test_refresh_image.py new file mode 100644 index 0000000000..55653f3252 --- /dev/null +++ b/refresh/test/test_refresh_image.py @@ -0,0 +1,21 @@ +import os +import unittest + +import confluent.docker_utils as utils + + +class BaseRefreshImageTest(unittest.TestCase): + + def setUp(self): + self.image = "{0}confluentinc/cp-base-refresh:{1}".format(os.environ["DOCKER_REGISTRY"], os.environ["DOCKER_TAG"]) + + def test_image_build(self): + self.assertTrue(utils.image_exists(self.image)) + + def test_jre_17_installed(self): + jre_cmd = "java --version" + result = utils.run_docker_command(image=self.image, command=jre_cmd) + self.assertTrue(b'17' in result) + +if __name__ == '__main__': + unittest.main() \ No newline at end of file From 241633b55418ab739a128c94e595fd5702bad9d0 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Tue, 12 Nov 2024 15:35:41 +0530 Subject: [PATCH 09/49] add tests for ub --- refresh/test/test_refresh_image.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/refresh/test/test_refresh_image.py b/refresh/test/test_refresh_image.py index 55653f3252..94ae271f7d 100644 --- a/refresh/test/test_refresh_image.py +++ b/refresh/test/test_refresh_image.py @@ -17,5 +17,12 @@ def test_jre_17_installed(self): result = utils.run_docker_command(image=self.image, command=jre_cmd) self.assertTrue(b'17' in result) + def test_ub_exists(self): + self.assertTrue(utils.path_exists_in_image(self.image, "/usr/bin/ub")) + + def test_ub_runnable(self): + ub_cmd = "bash -c '/usr/bin/ub -h'" + self.assertTrue(b"utility commands" in utils.run_docker_command(image=self.image, command=ub_cmd)) + if __name__ == '__main__': unittest.main() \ No newline at end of file From da30d3feedfd9af51e147a131fd9c0979bb7f7e0 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Tue, 12 Nov 2024 15:38:48 +0530 Subject: [PATCH 10/49] add ub tests --- refresh/Dockerfile.ubi8 | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/refresh/Dockerfile.ubi8 b/refresh/Dockerfile.ubi8 index 218275714c..b350a2f068 100644 --- a/refresh/Dockerfile.ubi8 +++ b/refresh/Dockerfile.ubi8 @@ -1,6 +1,9 @@ ARG MICRODIR=/microdir ARG UBI_MICRO_VERSION=8.10-13 ARG TEMURIN_JDK_VERSION="17.0.13.0.0.11-2" +ARG DOCKER_UPSTREAM_REGISTRY="519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/prod/" +ARG DOCKER_UPSTREAM_TAG="7.9.x-latest-ubi8" + FROM registry.access.redhat.com/ubi8 AS BUILD RUN printf "[temurin-jre] \n\ @@ -15,6 +18,8 @@ RUN yum --nodocs install -y --setopt=install_weak_deps=False temurin-17-jre RUN yum clean all +FROM ${DOCKER_UPSTREAM_REGISTRY}confluentinc/cp-base-lite:${DOCKER_UPSTREAM_TAG} AS BASE-LITE + FROM registry.access.redhat.com/ubi8-micro:${UBI_MICRO_VERSION} AS REFRESH ARG PROJECT_VERSION ARG ARTIFACT_ID @@ -42,6 +47,7 @@ ENV LANG="C.UTF-8" #ARG MICRODIR COPY --from=BUILD /usr/lib/jvm/temurin-17-jre/ usr/lib +COPY --from=BASE-LITE /usr/bin /usr/bin ENV PATH="/usr/lib/bin:${PATH}" From ea65844471c18580222ba5998e86d9f382739122 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Tue, 12 Nov 2024 15:52:28 +0530 Subject: [PATCH 11/49] add cp-base-refresh to deploy pipeline --- .semaphore/semaphore.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml index 7d4149c8a6..d809e2f240 100644 --- a/.semaphore/semaphore.yml +++ b/.semaphore/semaphore.yml @@ -72,7 +72,7 @@ global_job_config: - export DOCKER_UPSTREAM_REGISTRY=$DOCKER_DEV_REGISTRY - export LATEST_TAG=$BRANCH_TAG-latest - export DOCKER_UPSTREAM_TAG="$LATEST_TAG" - - export DOCKER_REPOS="confluentinc/cp-base-new confluentinc/cp-base-lite confluentinc/cp-jmxterm" + - export DOCKER_REPOS="confluentinc/cp-base-refresh confluentinc/cp-base-new confluentinc/cp-base-lite confluentinc/cp-jmxterm" - export DOCKER_DEV_TAG="dev-$BRANCH_TAG-$BUILD_NUMBER" - export AMD_ARCH=.amd64 - export ARM_ARCH=.arm64 From 42421f462b410d843c5e1f32e2e45702d3411390 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Wed, 13 Nov 2024 11:10:15 +0530 Subject: [PATCH 12/49] remove tag --- refresh/Dockerfile.ubi8 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/refresh/Dockerfile.ubi8 b/refresh/Dockerfile.ubi8 index b350a2f068..33c534fe63 100644 --- a/refresh/Dockerfile.ubi8 +++ b/refresh/Dockerfile.ubi8 @@ -2,7 +2,7 @@ ARG MICRODIR=/microdir ARG UBI_MICRO_VERSION=8.10-13 ARG TEMURIN_JDK_VERSION="17.0.13.0.0.11-2" ARG DOCKER_UPSTREAM_REGISTRY="519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/prod/" -ARG DOCKER_UPSTREAM_TAG="7.9.x-latest-ubi8" +ARG DOCKER_UPSTREAM_TAG FROM registry.access.redhat.com/ubi8 AS BUILD From 5b32376889b706f324e7f00f3af958acb5917ef0 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Wed, 13 Nov 2024 11:48:05 +0530 Subject: [PATCH 13/49] remove tag --- refresh/Dockerfile.ubi8 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/refresh/Dockerfile.ubi8 b/refresh/Dockerfile.ubi8 index 33c534fe63..e98592cf48 100644 --- a/refresh/Dockerfile.ubi8 +++ b/refresh/Dockerfile.ubi8 @@ -18,7 +18,7 @@ RUN yum --nodocs install -y --setopt=install_weak_deps=False temurin-17-jre RUN yum clean all -FROM ${DOCKER_UPSTREAM_REGISTRY}confluentinc/cp-base-lite:${DOCKER_UPSTREAM_TAG} AS BASE-LITE +FROM ${DOCKER_UPSTREAM_REGISTRY}confluentinc/cp-base-lite AS BASE-LITE FROM registry.access.redhat.com/ubi8-micro:${UBI_MICRO_VERSION} AS REFRESH ARG PROJECT_VERSION From bbaff1bdbd4afdd72b5ed44cda1f29beaaef111a Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Wed, 13 Nov 2024 14:37:38 +0530 Subject: [PATCH 14/49] use cp-base-lite --- refresh/Dockerfile.ubi8 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/refresh/Dockerfile.ubi8 b/refresh/Dockerfile.ubi8 index e98592cf48..6a0a7758e7 100644 --- a/refresh/Dockerfile.ubi8 +++ b/refresh/Dockerfile.ubi8 @@ -18,7 +18,7 @@ RUN yum --nodocs install -y --setopt=install_weak_deps=False temurin-17-jre RUN yum clean all -FROM ${DOCKER_UPSTREAM_REGISTRY}confluentinc/cp-base-lite AS BASE-LITE +FROM 519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/prod/confluentinc/cp-base-lite:7.9.x-latest-ubi8 AS BASE-LITE FROM registry.access.redhat.com/ubi8-micro:${UBI_MICRO_VERSION} AS REFRESH ARG PROJECT_VERSION From 664c82c874dd87f8beda267ebb4a2f2af67cebb4 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Wed, 20 Nov 2024 19:16:12 +0530 Subject: [PATCH 15/49] add dedupe scripts --- refresh/package_dedupe/package_dedupe.go | 68 ++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 refresh/package_dedupe/package_dedupe.go diff --git a/refresh/package_dedupe/package_dedupe.go b/refresh/package_dedupe/package_dedupe.go new file mode 100644 index 0000000000..7af27b59d4 --- /dev/null +++ b/refresh/package_dedupe/package_dedupe.go @@ -0,0 +1,68 @@ +package main + +import ( + "crypto/sha1" + + "fmt" + + "io" + "log" + "os" + "path/filepath" +) + +func dedupe_packages(rootPath string) { + sha2path := make(map[string]string) + err := filepath.Walk(rootPath, func(path string, info os.FileInfo, err error) error { + if err != nil { + return err + } + if info.IsDir() || info.Mode()&os.ModeSymlink != 0 { + return nil + } + sha, err := shaSum(path) + if err != nil { + return err + } + if orig, exists := sha2path[sha]; exists { + relPath, err := filepath.Rel(filepath.Dir(path), orig) + if err != nil { + return err + } + os.Remove(path) + err = os.Symlink(relPath, path) + if err != nil { + return err + } + log.Printf("DEDUP: ln -sf %s %s\n", orig, path) + } else { + sha2path[sha] = path + } + return nil + }) + if err != nil { + log.Fatal(err) + } +} + +func shaSum(path string) (string, error) { + file, err := os.Open(path) + if err != nil { + return "", err + } + defer file.Close() + hash := sha1.New() + if _, err := io.Copy(hash, file); err != nil { + return "", err + } + return fmt.Sprintf("%x", hash.Sum(nil)), nil +} + +func main() { + if len(os.Args) != 2 { + fmt.Println("Usage: dedupe_packages ") + os.Exit(1) + } + basePath := os.Args[1] + dedupe_packages(basePath) +} \ No newline at end of file From c50952453eb534b38b9bf2d09eba4a0b5ec29d2c Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Wed, 20 Nov 2024 19:16:39 +0530 Subject: [PATCH 16/49] add dedupe scripts and jars --- refresh/Dockerfile.ubi8 | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/refresh/Dockerfile.ubi8 b/refresh/Dockerfile.ubi8 index 6a0a7758e7..1931a7d79e 100644 --- a/refresh/Dockerfile.ubi8 +++ b/refresh/Dockerfile.ubi8 @@ -3,6 +3,7 @@ ARG UBI_MICRO_VERSION=8.10-13 ARG TEMURIN_JDK_VERSION="17.0.13.0.0.11-2" ARG DOCKER_UPSTREAM_REGISTRY="519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/prod/" ARG DOCKER_UPSTREAM_TAG +ARG GOLANG_VERSION FROM registry.access.redhat.com/ubi8 AS BUILD @@ -54,6 +55,16 @@ ENV PATH="/usr/lib/bin:${PATH}" RUN echo "appuser:x:1001:1001::/home/appuser:/bin/sh" >> /etc/passwd && \ mkdir -p /home/appuser && \ chown 1001:1001 /home/appuser + +COPY --chown=appuser:appuser target/${ARTIFACT_ID}-${PROJECT_VERSION}-package/share/doc/* /usr/share/doc/${ARTIFACT_ID}/ +RUN cd /usr/share/java \ + && package_dedupe $(pwd) + +FROM docker.io/golang:${GOLANG_VERSION} AS build_package_dedupe +WORKDIR /build +RUN useradd --no-log-init --create-home --shell /bin/bash appuser +COPY --chown=appuser:appuser package_dedupe/package_dedupe.go ./ +RUN go build -ldflags="-w -s" ./package_dedupe.go USER appuser WORKDIR /home/appuser From ce04ac75c132d0e6c7b340cfd2ba78f2a30b909b Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Wed, 20 Nov 2024 20:30:45 +0530 Subject: [PATCH 17/49] minor fixes to user group --- refresh/Dockerfile.ubi8 | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/refresh/Dockerfile.ubi8 b/refresh/Dockerfile.ubi8 index 1931a7d79e..90d107dea7 100644 --- a/refresh/Dockerfile.ubi8 +++ b/refresh/Dockerfile.ubi8 @@ -5,6 +5,12 @@ ARG DOCKER_UPSTREAM_REGISTRY="519856050701.dkr.ecr.us-west-2.amazonaws.com/docke ARG DOCKER_UPSTREAM_TAG ARG GOLANG_VERSION +FROM docker.io/golang:${GOLANG_VERSION} AS build_package_dedupe +WORKDIR /build +RUN useradd --no-log-init --create-home --shell /bin/bash appuser +COPY --chown=appuser:appuser package_dedupe/package_dedupe.go ./ +RUN go build -ldflags="-w -s" ./package_dedupe.go + FROM registry.access.redhat.com/ubi8 AS BUILD RUN printf "[temurin-jre] \n\ @@ -49,22 +55,19 @@ ENV LANG="C.UTF-8" #ARG MICRODIR COPY --from=BUILD /usr/lib/jvm/temurin-17-jre/ usr/lib COPY --from=BASE-LITE /usr/bin /usr/bin +COPY --from=build_package_dedupe /build/package_dedupe /usr/lib/bin/package_dedupe ENV PATH="/usr/lib/bin:${PATH}" RUN echo "appuser:x:1001:1001::/home/appuser:/bin/sh" >> /etc/passwd && \ mkdir -p /home/appuser && \ chown 1001:1001 /home/appuser + +COPY target/${ARTIFACT_ID}-${PROJECT_VERSION}-package/share/doc/* /usr/share/doc/${ARTIFACT_ID}/ +COPY target/${ARTIFACT_ID}-${PROJECT_VERSION}-package/share/java/${ARTIFACT_ID}/* /usr/share/java/${ARTIFACT_ID}/ -COPY --chown=appuser:appuser target/${ARTIFACT_ID}-${PROJECT_VERSION}-package/share/doc/* /usr/share/doc/${ARTIFACT_ID}/ RUN cd /usr/share/java \ && package_dedupe $(pwd) -FROM docker.io/golang:${GOLANG_VERSION} AS build_package_dedupe -WORKDIR /build -RUN useradd --no-log-init --create-home --shell /bin/bash appuser -COPY --chown=appuser:appuser package_dedupe/package_dedupe.go ./ -RUN go build -ldflags="-w -s" ./package_dedupe.go - USER appuser WORKDIR /home/appuser From cabebb21c33f76749d71e516b3e2cdbbac4de970 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Fri, 20 Dec 2024 14:25:20 +0530 Subject: [PATCH 18/49] replace ubi8-micro with ubi8-minimal --- refresh/Dockerfile.ubi8 | 3 ++- refresh/pom.xml | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/refresh/Dockerfile.ubi8 b/refresh/Dockerfile.ubi8 index 90d107dea7..3a849067b8 100644 --- a/refresh/Dockerfile.ubi8 +++ b/refresh/Dockerfile.ubi8 @@ -4,6 +4,7 @@ ARG TEMURIN_JDK_VERSION="17.0.13.0.0.11-2" ARG DOCKER_UPSTREAM_REGISTRY="519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/prod/" ARG DOCKER_UPSTREAM_TAG ARG GOLANG_VERSION +ARG UBI_MINIMAL_VERSION="latest" FROM docker.io/golang:${GOLANG_VERSION} AS build_package_dedupe WORKDIR /build @@ -27,7 +28,7 @@ RUN yum clean all FROM 519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/prod/confluentinc/cp-base-lite:7.9.x-latest-ubi8 AS BASE-LITE -FROM registry.access.redhat.com/ubi8-micro:${UBI_MICRO_VERSION} AS REFRESH +FROM registry.access.redhat.com/ubi8-minimal:${UBI_MINIMAL_VERSION} AS REFRESH ARG PROJECT_VERSION ARG ARTIFACT_ID diff --git a/refresh/pom.xml b/refresh/pom.xml index 958459fb17..9b6fb87707 100644 --- a/refresh/pom.xml +++ b/refresh/pom.xml @@ -28,7 +28,7 @@ pom - cp-base-refresh + cp-base-jre17 Refreshed Base for Confluent Docker images ${project.artifactId} From a71423d68496d14184ee8c32ee582933727c958a Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Wed, 15 Jan 2025 15:19:14 +0530 Subject: [PATCH 19/49] rename image to cp-base-jre17 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index f568f634bb..0b61ef52a0 100644 --- a/pom.xml +++ b/pom.xml @@ -21,7 +21,7 @@ utility-belt docker-utils - refresh + cp-base-jre17 base base-lite jmxterm From 2f4fabace2222320b455dc92124fb3c98d756233 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Wed, 15 Jan 2025 15:20:03 +0530 Subject: [PATCH 20/49] rename image to cp-base-jre17 --- cp-base-jre17/Dockerfile.ubi8 | 74 +++++++++++ .../include/etc/confluent/docker/bash-config | 23 ++++ .../etc/confluent/docker/mesos-setup.sh | 27 ++++ .../include/etc/cp-base-new/log4j.properties | 28 ++++ .../package_dedupe/package_dedupe.go | 68 ++++++++++ cp-base-jre17/pom.xml | 120 ++++++++++++++++++ cp-base-jre17/requirements.txt | 1 + cp-base-jre17/setup.py | 23 ++++ cp-base-jre17/test/test_refresh_image.py | 28 ++++ cp-base-jre17/tox.ini | 41 ++++++ 10 files changed, 433 insertions(+) create mode 100644 cp-base-jre17/Dockerfile.ubi8 create mode 100644 cp-base-jre17/include/etc/confluent/docker/bash-config create mode 100644 cp-base-jre17/include/etc/confluent/docker/mesos-setup.sh create mode 100644 cp-base-jre17/include/etc/cp-base-new/log4j.properties create mode 100644 cp-base-jre17/package_dedupe/package_dedupe.go create mode 100644 cp-base-jre17/pom.xml create mode 100644 cp-base-jre17/requirements.txt create mode 100644 cp-base-jre17/setup.py create mode 100644 cp-base-jre17/test/test_refresh_image.py create mode 100644 cp-base-jre17/tox.ini diff --git a/cp-base-jre17/Dockerfile.ubi8 b/cp-base-jre17/Dockerfile.ubi8 new file mode 100644 index 0000000000..3a849067b8 --- /dev/null +++ b/cp-base-jre17/Dockerfile.ubi8 @@ -0,0 +1,74 @@ +ARG MICRODIR=/microdir +ARG UBI_MICRO_VERSION=8.10-13 +ARG TEMURIN_JDK_VERSION="17.0.13.0.0.11-2" +ARG DOCKER_UPSTREAM_REGISTRY="519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/prod/" +ARG DOCKER_UPSTREAM_TAG +ARG GOLANG_VERSION +ARG UBI_MINIMAL_VERSION="latest" + +FROM docker.io/golang:${GOLANG_VERSION} AS build_package_dedupe +WORKDIR /build +RUN useradd --no-log-init --create-home --shell /bin/bash appuser +COPY --chown=appuser:appuser package_dedupe/package_dedupe.go ./ +RUN go build -ldflags="-w -s" ./package_dedupe.go + +FROM registry.access.redhat.com/ubi8 AS BUILD + +RUN printf "[temurin-jre] \n\ +name=temurin-jre \n\ +baseurl=https://packages.adoptium.net/artifactory/rpm/rhel/\$releasever/\$basearch \n\ +enabled=1 \n\ +gpgcheck=1 \n\ +gpgkey=https://packages.adoptium.net/artifactory/api/gpg/key/public \n\ +" > /etc/yum.repos.d/adoptium.repo +RUN echo "installing temurin-17-jre:${TEMURIN_JDK_VERSION}" +RUN yum --nodocs install -y --setopt=install_weak_deps=False temurin-17-jre + +RUN yum clean all + +FROM 519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/prod/confluentinc/cp-base-lite:7.9.x-latest-ubi8 AS BASE-LITE + +FROM registry.access.redhat.com/ubi8-minimal:${UBI_MINIMAL_VERSION} AS REFRESH +ARG PROJECT_VERSION +ARG ARTIFACT_ID + +# Remember where we came from +LABEL io.confluent.docker.git.repo="confluentinc/common-docker" + +ARG GIT_COMMIT +LABEL io.confluent.docker.git.id=$GIT_COMMIT + +ARG BUILD_NUMBER=-1 +LABEL io.confluent.docker.build.number=$BUILD_NUMBER + +LABEL maintainer="tools@confluent.io" +LABEL vendor="Confluent" +LABEL version=$GIT_COMMIT +LABEL release=$PROJECT_VERSION +LABEL name=$ARTIFACT_ID +LABEL summary="Common base image for new Confluent lightweight Docker images." +LABEL description="Common base image for Confluent lightweight Docker images." +LABEL io.confluent.docker=true +# This affects how strings in Java class files are interpreted. We want UTF-8 and this is the only locale in the +# base image that supports it +ENV LANG="C.UTF-8" + +#ARG MICRODIR +COPY --from=BUILD /usr/lib/jvm/temurin-17-jre/ usr/lib +COPY --from=BASE-LITE /usr/bin /usr/bin +COPY --from=build_package_dedupe /build/package_dedupe /usr/lib/bin/package_dedupe + +ENV PATH="/usr/lib/bin:${PATH}" + +RUN echo "appuser:x:1001:1001::/home/appuser:/bin/sh" >> /etc/passwd && \ + mkdir -p /home/appuser && \ + chown 1001:1001 /home/appuser + +COPY target/${ARTIFACT_ID}-${PROJECT_VERSION}-package/share/doc/* /usr/share/doc/${ARTIFACT_ID}/ +COPY target/${ARTIFACT_ID}-${PROJECT_VERSION}-package/share/java/${ARTIFACT_ID}/* /usr/share/java/${ARTIFACT_ID}/ + +RUN cd /usr/share/java \ + && package_dedupe $(pwd) + +USER appuser +WORKDIR /home/appuser diff --git a/cp-base-jre17/include/etc/confluent/docker/bash-config b/cp-base-jre17/include/etc/confluent/docker/bash-config new file mode 100644 index 0000000000..43c08d9b50 --- /dev/null +++ b/cp-base-jre17/include/etc/confluent/docker/bash-config @@ -0,0 +1,23 @@ +# +# Copyright 2018 Confluent Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -o nounset \ + -o errexit + +# Trace may expose passwords/credentials by printing them to stdout, so turn on with care. +if [ "${TRACE:-}" == "true" ]; then + set -o verbose \ + -o xtrace +fi diff --git a/cp-base-jre17/include/etc/confluent/docker/mesos-setup.sh b/cp-base-jre17/include/etc/confluent/docker/mesos-setup.sh new file mode 100644 index 0000000000..b3874daf6d --- /dev/null +++ b/cp-base-jre17/include/etc/confluent/docker/mesos-setup.sh @@ -0,0 +1,27 @@ +#!/usr/bin/env bash + +set +o nounset + +if [ -z $SKIP_MESOS_AUTO_SETUP ]; then + if [ -n $MESOS_SANDBOX ] && [ -e $MESOS_SANDBOX/.ssl/scheduler.crt ] && [ -e $MESOS_SANDBOX/.ssl/scheduler.key ]; then + echo "Entering Mesos auto setup for Java SSL truststore. You should not see this if you are not on mesos ..." + + openssl pkcs12 -export -in $MESOS_SANDBOX/.ssl/scheduler.crt -inkey $MESOS_SANDBOX/.ssl/scheduler.key \ + -out /tmp/keypair.p12 -name keypair \ + -CAfile $MESOS_SANDBOX/.ssl/ca-bundle.crt -caname root -passout pass:export + + keytool -importkeystore \ + -deststorepass changeit -destkeypass changeit -destkeystore /tmp/kafka-keystore.jks \ + -srckeystore /tmp/keypair.p12 -srcstoretype PKCS12 -srcstorepass export \ + -alias keypair + + keytool -import \ + -trustcacerts \ + -alias root \ + -file $MESOS_SANDBOX/.ssl/ca-bundle.crt \ + -storepass changeit \ + -keystore /tmp/kafka-truststore.jks -noprompt + fi +fi + +set -o nounset diff --git a/cp-base-jre17/include/etc/cp-base-new/log4j.properties b/cp-base-jre17/include/etc/cp-base-new/log4j.properties new file mode 100644 index 0000000000..40fd0b7329 --- /dev/null +++ b/cp-base-jre17/include/etc/cp-base-new/log4j.properties @@ -0,0 +1,28 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +log4j.rootLogger=OFF + +# Only log errors from Kafka and ZKClient +log4j.logger.org.apache.kafka=ERROR +log4j.logger.org.I0Itec.zkclient.ZkClient=ERROR + +# Log informational messages from the CLI and Zookeeper +log4j.logger.io.confluent.admin.utils=INFO, stderr +log4j.logger.org.apache.zookeeper=INFO, stderr +# STDERR Appender +log4j.appender.stderr=org.apache.log4j.ConsoleAppender +log4j.appender.stderr.layout=org.apache.log4j.PatternLayout +log4j.appender.stderr.Target=System.err +log4j.appender.stderr.layout.ConversionPattern=%m%n diff --git a/cp-base-jre17/package_dedupe/package_dedupe.go b/cp-base-jre17/package_dedupe/package_dedupe.go new file mode 100644 index 0000000000..7af27b59d4 --- /dev/null +++ b/cp-base-jre17/package_dedupe/package_dedupe.go @@ -0,0 +1,68 @@ +package main + +import ( + "crypto/sha1" + + "fmt" + + "io" + "log" + "os" + "path/filepath" +) + +func dedupe_packages(rootPath string) { + sha2path := make(map[string]string) + err := filepath.Walk(rootPath, func(path string, info os.FileInfo, err error) error { + if err != nil { + return err + } + if info.IsDir() || info.Mode()&os.ModeSymlink != 0 { + return nil + } + sha, err := shaSum(path) + if err != nil { + return err + } + if orig, exists := sha2path[sha]; exists { + relPath, err := filepath.Rel(filepath.Dir(path), orig) + if err != nil { + return err + } + os.Remove(path) + err = os.Symlink(relPath, path) + if err != nil { + return err + } + log.Printf("DEDUP: ln -sf %s %s\n", orig, path) + } else { + sha2path[sha] = path + } + return nil + }) + if err != nil { + log.Fatal(err) + } +} + +func shaSum(path string) (string, error) { + file, err := os.Open(path) + if err != nil { + return "", err + } + defer file.Close() + hash := sha1.New() + if _, err := io.Copy(hash, file); err != nil { + return "", err + } + return fmt.Sprintf("%x", hash.Sum(nil)), nil +} + +func main() { + if len(os.Args) != 2 { + fmt.Println("Usage: dedupe_packages ") + os.Exit(1) + } + basePath := os.Args[1] + dedupe_packages(basePath) +} \ No newline at end of file diff --git a/cp-base-jre17/pom.xml b/cp-base-jre17/pom.xml new file mode 100644 index 0000000000..9b6fb87707 --- /dev/null +++ b/cp-base-jre17/pom.xml @@ -0,0 +1,120 @@ + + + + + 4.0.0 + + + io.confluent + common-docker + 7.9.0-0 + + + pom + + cp-base-jre17 + + Refreshed Base for Confluent Docker images + ${project.artifactId} + + + false + false + true + + + + + io.confluent + utility-belt + ${io.confluent.common-docker.version} + + + junit + junit + ${junit.version} + test + + + + + + + maven-resources-plugin + ${maven-resources-plugin.version} + + + copy-resources + compile + + copy-resources + + + true + target + + + ${basedir}/../docker-utils/target + + docker-utils-${CONFLUENT_VERSION}-jar-with-dependencies.jar + + + + + + + + + com.spotify + dockerfile-maven-plugin + + + ${ubi.image.version} + ${ubi.micro.image.version} + -${ubi.temurin.jdk.version} + ${docker.skip-security-update-check} + ${golang.version} + + + + + io.fabric8 + docker-maven-plugin + 0.43.4 + + + + + + ${ubi.image.version} + ${ubi.micro.image.version} + -${ubi.temurin.jdk.version} + + ${docker.skip-security-update-check} + + ${golang.version} + + + + + + + + + diff --git a/cp-base-jre17/requirements.txt b/cp-base-jre17/requirements.txt new file mode 100644 index 0000000000..879b1e1d13 --- /dev/null +++ b/cp-base-jre17/requirements.txt @@ -0,0 +1 @@ +git+https://github.com/confluentinc/confluent-docker-utils@v0.0.96 diff --git a/cp-base-jre17/setup.py b/cp-base-jre17/setup.py new file mode 100644 index 0000000000..9c69fc03cc --- /dev/null +++ b/cp-base-jre17/setup.py @@ -0,0 +1,23 @@ +from setuptools import setup + + +setup( + name='common-tests', + version='4.1.0', + + author="Confluent, Inc.", + + description='Docker image tests', + + url="https://github.com/confluentinc/common", + + dependency_links=open('requirements.txt').read().split("\n"), + + packages=['test'], + + include_package_data=True, + + python_requires='>=2.7', + setup_requires=['setuptools-git'], + +) diff --git a/cp-base-jre17/test/test_refresh_image.py b/cp-base-jre17/test/test_refresh_image.py new file mode 100644 index 0000000000..94ae271f7d --- /dev/null +++ b/cp-base-jre17/test/test_refresh_image.py @@ -0,0 +1,28 @@ +import os +import unittest + +import confluent.docker_utils as utils + + +class BaseRefreshImageTest(unittest.TestCase): + + def setUp(self): + self.image = "{0}confluentinc/cp-base-refresh:{1}".format(os.environ["DOCKER_REGISTRY"], os.environ["DOCKER_TAG"]) + + def test_image_build(self): + self.assertTrue(utils.image_exists(self.image)) + + def test_jre_17_installed(self): + jre_cmd = "java --version" + result = utils.run_docker_command(image=self.image, command=jre_cmd) + self.assertTrue(b'17' in result) + + def test_ub_exists(self): + self.assertTrue(utils.path_exists_in_image(self.image, "/usr/bin/ub")) + + def test_ub_runnable(self): + ub_cmd = "bash -c '/usr/bin/ub -h'" + self.assertTrue(b"utility commands" in utils.run_docker_command(image=self.image, command=ub_cmd)) + +if __name__ == '__main__': + unittest.main() \ No newline at end of file diff --git a/cp-base-jre17/tox.ini b/cp-base-jre17/tox.ini new file mode 100644 index 0000000000..af5b6fe10e --- /dev/null +++ b/cp-base-jre17/tox.ini @@ -0,0 +1,41 @@ +[tox] +envlist = test +toxworkdir = /var/tmp + +[testenv] +deps = + -rrequirements.txt + flake8 + pytest == 4.6.4 + pytest-xdist == 1.29.0 + pytest-cov == 2.7.1 + sphinx!=1.2b2,<2.0.0 +install_command = pip install -U {packages} +recreate = True +skipsdist = True +usedevelop = True +setenv = + PIP_PROCESS_DEPENDENCY_LINKS=1 + PIP_DEFAULT_TIMEOUT=60 + ARCHFLAGS=-Wno-error=unused-command-line-argument-hard-error-in-future +basepython = python +envdir = {toxworkdir}/confluent + +[testenv:test] +commands = + py.test --color=no {env:PYTESTARGS:} test + +[testenv:style] +commands = + flake8 --config tox.ini + +[testenv:cover] +commands = + py.test {env:PYTESTARGS:} --cov . --cov-report=xml --cov-report=html --cov-report=term test + +[flake8] +ignore = E111,E121,W292,E123,E226 +max-line-length = 160 + +[pytest] +addopts = -n 1 From b16ec430351c4c5c2c5ea6fc4ffa7cc0be6a4715 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Wed, 15 Jan 2025 15:20:21 +0530 Subject: [PATCH 21/49] rename image to cp-base-jre17 --- refresh/Dockerfile.ubi8 | 74 ----------- .../include/etc/confluent/docker/bash-config | 23 ---- .../etc/confluent/docker/mesos-setup.sh | 27 ---- .../include/etc/cp-base-new/log4j.properties | 28 ---- refresh/package_dedupe/package_dedupe.go | 68 ---------- refresh/pom.xml | 120 ------------------ refresh/requirements.txt | 1 - refresh/setup.py | 23 ---- refresh/test/test_refresh_image.py | 28 ---- refresh/tox.ini | 41 ------ 10 files changed, 433 deletions(-) delete mode 100644 refresh/Dockerfile.ubi8 delete mode 100644 refresh/include/etc/confluent/docker/bash-config delete mode 100644 refresh/include/etc/confluent/docker/mesos-setup.sh delete mode 100644 refresh/include/etc/cp-base-new/log4j.properties delete mode 100644 refresh/package_dedupe/package_dedupe.go delete mode 100644 refresh/pom.xml delete mode 100644 refresh/requirements.txt delete mode 100644 refresh/setup.py delete mode 100644 refresh/test/test_refresh_image.py delete mode 100644 refresh/tox.ini diff --git a/refresh/Dockerfile.ubi8 b/refresh/Dockerfile.ubi8 deleted file mode 100644 index 3a849067b8..0000000000 --- a/refresh/Dockerfile.ubi8 +++ /dev/null @@ -1,74 +0,0 @@ -ARG MICRODIR=/microdir -ARG UBI_MICRO_VERSION=8.10-13 -ARG TEMURIN_JDK_VERSION="17.0.13.0.0.11-2" -ARG DOCKER_UPSTREAM_REGISTRY="519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/prod/" -ARG DOCKER_UPSTREAM_TAG -ARG GOLANG_VERSION -ARG UBI_MINIMAL_VERSION="latest" - -FROM docker.io/golang:${GOLANG_VERSION} AS build_package_dedupe -WORKDIR /build -RUN useradd --no-log-init --create-home --shell /bin/bash appuser -COPY --chown=appuser:appuser package_dedupe/package_dedupe.go ./ -RUN go build -ldflags="-w -s" ./package_dedupe.go - -FROM registry.access.redhat.com/ubi8 AS BUILD - -RUN printf "[temurin-jre] \n\ -name=temurin-jre \n\ -baseurl=https://packages.adoptium.net/artifactory/rpm/rhel/\$releasever/\$basearch \n\ -enabled=1 \n\ -gpgcheck=1 \n\ -gpgkey=https://packages.adoptium.net/artifactory/api/gpg/key/public \n\ -" > /etc/yum.repos.d/adoptium.repo -RUN echo "installing temurin-17-jre:${TEMURIN_JDK_VERSION}" -RUN yum --nodocs install -y --setopt=install_weak_deps=False temurin-17-jre - -RUN yum clean all - -FROM 519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/prod/confluentinc/cp-base-lite:7.9.x-latest-ubi8 AS BASE-LITE - -FROM registry.access.redhat.com/ubi8-minimal:${UBI_MINIMAL_VERSION} AS REFRESH -ARG PROJECT_VERSION -ARG ARTIFACT_ID - -# Remember where we came from -LABEL io.confluent.docker.git.repo="confluentinc/common-docker" - -ARG GIT_COMMIT -LABEL io.confluent.docker.git.id=$GIT_COMMIT - -ARG BUILD_NUMBER=-1 -LABEL io.confluent.docker.build.number=$BUILD_NUMBER - -LABEL maintainer="tools@confluent.io" -LABEL vendor="Confluent" -LABEL version=$GIT_COMMIT -LABEL release=$PROJECT_VERSION -LABEL name=$ARTIFACT_ID -LABEL summary="Common base image for new Confluent lightweight Docker images." -LABEL description="Common base image for Confluent lightweight Docker images." -LABEL io.confluent.docker=true -# This affects how strings in Java class files are interpreted. We want UTF-8 and this is the only locale in the -# base image that supports it -ENV LANG="C.UTF-8" - -#ARG MICRODIR -COPY --from=BUILD /usr/lib/jvm/temurin-17-jre/ usr/lib -COPY --from=BASE-LITE /usr/bin /usr/bin -COPY --from=build_package_dedupe /build/package_dedupe /usr/lib/bin/package_dedupe - -ENV PATH="/usr/lib/bin:${PATH}" - -RUN echo "appuser:x:1001:1001::/home/appuser:/bin/sh" >> /etc/passwd && \ - mkdir -p /home/appuser && \ - chown 1001:1001 /home/appuser - -COPY target/${ARTIFACT_ID}-${PROJECT_VERSION}-package/share/doc/* /usr/share/doc/${ARTIFACT_ID}/ -COPY target/${ARTIFACT_ID}-${PROJECT_VERSION}-package/share/java/${ARTIFACT_ID}/* /usr/share/java/${ARTIFACT_ID}/ - -RUN cd /usr/share/java \ - && package_dedupe $(pwd) - -USER appuser -WORKDIR /home/appuser diff --git a/refresh/include/etc/confluent/docker/bash-config b/refresh/include/etc/confluent/docker/bash-config deleted file mode 100644 index 43c08d9b50..0000000000 --- a/refresh/include/etc/confluent/docker/bash-config +++ /dev/null @@ -1,23 +0,0 @@ -# -# Copyright 2018 Confluent Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -o nounset \ - -o errexit - -# Trace may expose passwords/credentials by printing them to stdout, so turn on with care. -if [ "${TRACE:-}" == "true" ]; then - set -o verbose \ - -o xtrace -fi diff --git a/refresh/include/etc/confluent/docker/mesos-setup.sh b/refresh/include/etc/confluent/docker/mesos-setup.sh deleted file mode 100644 index b3874daf6d..0000000000 --- a/refresh/include/etc/confluent/docker/mesos-setup.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set +o nounset - -if [ -z $SKIP_MESOS_AUTO_SETUP ]; then - if [ -n $MESOS_SANDBOX ] && [ -e $MESOS_SANDBOX/.ssl/scheduler.crt ] && [ -e $MESOS_SANDBOX/.ssl/scheduler.key ]; then - echo "Entering Mesos auto setup for Java SSL truststore. You should not see this if you are not on mesos ..." - - openssl pkcs12 -export -in $MESOS_SANDBOX/.ssl/scheduler.crt -inkey $MESOS_SANDBOX/.ssl/scheduler.key \ - -out /tmp/keypair.p12 -name keypair \ - -CAfile $MESOS_SANDBOX/.ssl/ca-bundle.crt -caname root -passout pass:export - - keytool -importkeystore \ - -deststorepass changeit -destkeypass changeit -destkeystore /tmp/kafka-keystore.jks \ - -srckeystore /tmp/keypair.p12 -srcstoretype PKCS12 -srcstorepass export \ - -alias keypair - - keytool -import \ - -trustcacerts \ - -alias root \ - -file $MESOS_SANDBOX/.ssl/ca-bundle.crt \ - -storepass changeit \ - -keystore /tmp/kafka-truststore.jks -noprompt - fi -fi - -set -o nounset diff --git a/refresh/include/etc/cp-base-new/log4j.properties b/refresh/include/etc/cp-base-new/log4j.properties deleted file mode 100644 index 40fd0b7329..0000000000 --- a/refresh/include/etc/cp-base-new/log4j.properties +++ /dev/null @@ -1,28 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -log4j.rootLogger=OFF - -# Only log errors from Kafka and ZKClient -log4j.logger.org.apache.kafka=ERROR -log4j.logger.org.I0Itec.zkclient.ZkClient=ERROR - -# Log informational messages from the CLI and Zookeeper -log4j.logger.io.confluent.admin.utils=INFO, stderr -log4j.logger.org.apache.zookeeper=INFO, stderr -# STDERR Appender -log4j.appender.stderr=org.apache.log4j.ConsoleAppender -log4j.appender.stderr.layout=org.apache.log4j.PatternLayout -log4j.appender.stderr.Target=System.err -log4j.appender.stderr.layout.ConversionPattern=%m%n diff --git a/refresh/package_dedupe/package_dedupe.go b/refresh/package_dedupe/package_dedupe.go deleted file mode 100644 index 7af27b59d4..0000000000 --- a/refresh/package_dedupe/package_dedupe.go +++ /dev/null @@ -1,68 +0,0 @@ -package main - -import ( - "crypto/sha1" - - "fmt" - - "io" - "log" - "os" - "path/filepath" -) - -func dedupe_packages(rootPath string) { - sha2path := make(map[string]string) - err := filepath.Walk(rootPath, func(path string, info os.FileInfo, err error) error { - if err != nil { - return err - } - if info.IsDir() || info.Mode()&os.ModeSymlink != 0 { - return nil - } - sha, err := shaSum(path) - if err != nil { - return err - } - if orig, exists := sha2path[sha]; exists { - relPath, err := filepath.Rel(filepath.Dir(path), orig) - if err != nil { - return err - } - os.Remove(path) - err = os.Symlink(relPath, path) - if err != nil { - return err - } - log.Printf("DEDUP: ln -sf %s %s\n", orig, path) - } else { - sha2path[sha] = path - } - return nil - }) - if err != nil { - log.Fatal(err) - } -} - -func shaSum(path string) (string, error) { - file, err := os.Open(path) - if err != nil { - return "", err - } - defer file.Close() - hash := sha1.New() - if _, err := io.Copy(hash, file); err != nil { - return "", err - } - return fmt.Sprintf("%x", hash.Sum(nil)), nil -} - -func main() { - if len(os.Args) != 2 { - fmt.Println("Usage: dedupe_packages ") - os.Exit(1) - } - basePath := os.Args[1] - dedupe_packages(basePath) -} \ No newline at end of file diff --git a/refresh/pom.xml b/refresh/pom.xml deleted file mode 100644 index 9b6fb87707..0000000000 --- a/refresh/pom.xml +++ /dev/null @@ -1,120 +0,0 @@ - - - - - 4.0.0 - - - io.confluent - common-docker - 7.9.0-0 - - - pom - - cp-base-jre17 - - Refreshed Base for Confluent Docker images - ${project.artifactId} - - - false - false - true - - - - - io.confluent - utility-belt - ${io.confluent.common-docker.version} - - - junit - junit - ${junit.version} - test - - - - - - - maven-resources-plugin - ${maven-resources-plugin.version} - - - copy-resources - compile - - copy-resources - - - true - target - - - ${basedir}/../docker-utils/target - - docker-utils-${CONFLUENT_VERSION}-jar-with-dependencies.jar - - - - - - - - - com.spotify - dockerfile-maven-plugin - - - ${ubi.image.version} - ${ubi.micro.image.version} - -${ubi.temurin.jdk.version} - ${docker.skip-security-update-check} - ${golang.version} - - - - - io.fabric8 - docker-maven-plugin - 0.43.4 - - - - - - ${ubi.image.version} - ${ubi.micro.image.version} - -${ubi.temurin.jdk.version} - - ${docker.skip-security-update-check} - - ${golang.version} - - - - - - - - - diff --git a/refresh/requirements.txt b/refresh/requirements.txt deleted file mode 100644 index 879b1e1d13..0000000000 --- a/refresh/requirements.txt +++ /dev/null @@ -1 +0,0 @@ -git+https://github.com/confluentinc/confluent-docker-utils@v0.0.96 diff --git a/refresh/setup.py b/refresh/setup.py deleted file mode 100644 index 9c69fc03cc..0000000000 --- a/refresh/setup.py +++ /dev/null @@ -1,23 +0,0 @@ -from setuptools import setup - - -setup( - name='common-tests', - version='4.1.0', - - author="Confluent, Inc.", - - description='Docker image tests', - - url="https://github.com/confluentinc/common", - - dependency_links=open('requirements.txt').read().split("\n"), - - packages=['test'], - - include_package_data=True, - - python_requires='>=2.7', - setup_requires=['setuptools-git'], - -) diff --git a/refresh/test/test_refresh_image.py b/refresh/test/test_refresh_image.py deleted file mode 100644 index 94ae271f7d..0000000000 --- a/refresh/test/test_refresh_image.py +++ /dev/null @@ -1,28 +0,0 @@ -import os -import unittest - -import confluent.docker_utils as utils - - -class BaseRefreshImageTest(unittest.TestCase): - - def setUp(self): - self.image = "{0}confluentinc/cp-base-refresh:{1}".format(os.environ["DOCKER_REGISTRY"], os.environ["DOCKER_TAG"]) - - def test_image_build(self): - self.assertTrue(utils.image_exists(self.image)) - - def test_jre_17_installed(self): - jre_cmd = "java --version" - result = utils.run_docker_command(image=self.image, command=jre_cmd) - self.assertTrue(b'17' in result) - - def test_ub_exists(self): - self.assertTrue(utils.path_exists_in_image(self.image, "/usr/bin/ub")) - - def test_ub_runnable(self): - ub_cmd = "bash -c '/usr/bin/ub -h'" - self.assertTrue(b"utility commands" in utils.run_docker_command(image=self.image, command=ub_cmd)) - -if __name__ == '__main__': - unittest.main() \ No newline at end of file diff --git a/refresh/tox.ini b/refresh/tox.ini deleted file mode 100644 index af5b6fe10e..0000000000 --- a/refresh/tox.ini +++ /dev/null @@ -1,41 +0,0 @@ -[tox] -envlist = test -toxworkdir = /var/tmp - -[testenv] -deps = - -rrequirements.txt - flake8 - pytest == 4.6.4 - pytest-xdist == 1.29.0 - pytest-cov == 2.7.1 - sphinx!=1.2b2,<2.0.0 -install_command = pip install -U {packages} -recreate = True -skipsdist = True -usedevelop = True -setenv = - PIP_PROCESS_DEPENDENCY_LINKS=1 - PIP_DEFAULT_TIMEOUT=60 - ARCHFLAGS=-Wno-error=unused-command-line-argument-hard-error-in-future -basepython = python -envdir = {toxworkdir}/confluent - -[testenv:test] -commands = - py.test --color=no {env:PYTESTARGS:} test - -[testenv:style] -commands = - flake8 --config tox.ini - -[testenv:cover] -commands = - py.test {env:PYTESTARGS:} --cov . --cov-report=xml --cov-report=html --cov-report=term test - -[flake8] -ignore = E111,E121,W292,E123,E226 -max-line-length = 160 - -[pytest] -addopts = -n 1 From 8101e308087b8cf1bcddfcbb06588457ce8ec26b Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Wed, 15 Jan 2025 15:24:22 +0530 Subject: [PATCH 22/49] add env var for ubi9 version --- pom.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/pom.xml b/pom.xml index 0b61ef52a0..9045759e38 100644 --- a/pom.xml +++ b/pom.xml @@ -35,6 +35,7 @@ 7.9.0-0 8.10-1086 + 9.5-1736404155 8.10-13 3.0.9 From 9fecdd0aa1e9e4c43832920baec1be0039af51f8 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Wed, 15 Jan 2025 15:24:36 +0530 Subject: [PATCH 23/49] use env var for ubi9 minimal version --- cp-base-jre17/Dockerfile.ubi8 | 3 ++- cp-base-jre17/pom.xml | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/cp-base-jre17/Dockerfile.ubi8 b/cp-base-jre17/Dockerfile.ubi8 index 3a849067b8..325f2858c1 100644 --- a/cp-base-jre17/Dockerfile.ubi8 +++ b/cp-base-jre17/Dockerfile.ubi8 @@ -5,6 +5,7 @@ ARG DOCKER_UPSTREAM_REGISTRY="519856050701.dkr.ecr.us-west-2.amazonaws.com/docke ARG DOCKER_UPSTREAM_TAG ARG GOLANG_VERSION ARG UBI_MINIMAL_VERSION="latest" +ARG UBI9_MINIMAL_VERSION="latest" FROM docker.io/golang:${GOLANG_VERSION} AS build_package_dedupe WORKDIR /build @@ -28,7 +29,7 @@ RUN yum clean all FROM 519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/prod/confluentinc/cp-base-lite:7.9.x-latest-ubi8 AS BASE-LITE -FROM registry.access.redhat.com/ubi8-minimal:${UBI_MINIMAL_VERSION} AS REFRESH +FROM registry.access.redhat.com/ubi9-minimal:${UBI9_MINIMAL_VERSION} AS REFRESH ARG PROJECT_VERSION ARG ARTIFACT_ID diff --git a/cp-base-jre17/pom.xml b/cp-base-jre17/pom.xml index 9b6fb87707..5851296cfa 100644 --- a/cp-base-jre17/pom.xml +++ b/cp-base-jre17/pom.xml @@ -86,6 +86,7 @@ ${ubi.image.version} + ${ubi9.image.version} ${ubi.micro.image.version} -${ubi.temurin.jdk.version} ${docker.skip-security-update-check} From df941732d2de54580a1e97c9171929031daf51e8 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Wed, 15 Jan 2025 15:52:20 +0530 Subject: [PATCH 24/49] use master branch --- cp-base-jre17/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cp-base-jre17/pom.xml b/cp-base-jre17/pom.xml index 5851296cfa..97344a0c86 100644 --- a/cp-base-jre17/pom.xml +++ b/cp-base-jre17/pom.xml @@ -23,7 +23,7 @@ io.confluent common-docker - 7.9.0-0 + 8.0.0-0 pom From c9204a1faa32b44217a737bef3b01a5eea787139 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Mon, 20 Jan 2025 10:13:26 +0530 Subject: [PATCH 25/49] change docker repo name in pipeline --- .semaphore/semaphore.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml index 63231cf42d..e5d9fc1c87 100644 --- a/.semaphore/semaphore.yml +++ b/.semaphore/semaphore.yml @@ -72,7 +72,7 @@ global_job_config: - export DOCKER_UPSTREAM_REGISTRY=$DOCKER_DEV_REGISTRY - export LATEST_TAG=$BRANCH_TAG-latest - export DOCKER_UPSTREAM_TAG="$LATEST_TAG" - - export DOCKER_REPOS="confluentinc/cp-base-refresh confluentinc/cp-base-new confluentinc/cp-base-lite confluentinc/cp-jmxterm" + - export DOCKER_REPOS="confluentinc/cp-base-jre17 confluentinc/cp-base-new confluentinc/cp-base-lite confluentinc/cp-jmxterm" - export DOCKER_DEV_TAG="dev-$BRANCH_TAG-$BUILD_NUMBER" - export AMD_ARCH=.amd64 - export ARM_ARCH=.arm64 From 7cab88d0e216b7f393e2a3f104b717b7eee37d93 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Tue, 21 Jan 2025 15:24:10 +0530 Subject: [PATCH 26/49] skip tests --- .semaphore/semaphore.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml index e5d9fc1c87..f9ee378aba 100644 --- a/.semaphore/semaphore.yml +++ b/.semaphore/semaphore.yml @@ -102,7 +102,7 @@ blocks: - export PACKAGING_BUILD_ARGS="$PACKAGING_BUILD_ARGS -DCONFLUENT_PACKAGES_REPO=$OS_PACKAGES_URL" - mvn -Dmaven.wagon.http.retryHandler.count=3 --batch-mode -P jenkins,docker clean install dependency:analyze validate -U -Ddocker.registry=$DOCKER_DEV_REGISTRY -Ddocker.upstream-registry=$DOCKER_UPSTREAM_REGISTRY -DBUILD_NUMBER=$BUILD_NUMBER -DGIT_COMMIT=$GIT_COMMIT -Ddocker.tag=$DOCKER_DEV_TAG$OS_TAG$AMD_ARCH -Ddocker.upstream-tag=$DOCKER_UPSTREAM_TAG$OS_TAG -Darch.type=$AMD_ARCH -Ddocker.os_type=ubi8 - $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true + $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true -Dmaven.test.skip - . cache-maven store - >- for dev_image in $AMD_DOCKER_DEV_FULL_IMAGES; @@ -135,7 +135,7 @@ blocks: - ci-tools ci-update-version - mvn -Dmaven.wagon.http.retryHandler.count=3 --batch-mode -P jenkins,docker clean install dependency:analyze validate -U -Ddocker.registry=$DOCKER_DEV_REGISTRY -Ddocker.upstream-registry=$DOCKER_UPSTREAM_REGISTRY -DBUILD_NUMBER=$BUILD_NUMBER -DGIT_COMMIT=$GIT_COMMIT -Ddocker.tag=$DOCKER_DEV_TAG$OS_TAG$ARM_ARCH -Ddocker.upstream-tag=$DOCKER_UPSTREAM_TAG$OS_TAG -Darch.type=$ARM_ARCH -Ddocker.os_type=ubi8 - $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true + $PACKAGING_BUILD_ARGS -Ddependency.check.skip=true -Dmaven.test.skip - . cache-maven store - for image in $ARM_DOCKER_DEV_FULL_IMAGES; do echo "Pushing $image" && docker push $image; done epilogue: From 3a16eb210b452b34560c5319ee501148fc807d94 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Tue, 21 Jan 2025 15:37:51 +0530 Subject: [PATCH 27/49] correct image name --- cp-base-jre17/test/test_refresh_image.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cp-base-jre17/test/test_refresh_image.py b/cp-base-jre17/test/test_refresh_image.py index 94ae271f7d..f20a64b08a 100644 --- a/cp-base-jre17/test/test_refresh_image.py +++ b/cp-base-jre17/test/test_refresh_image.py @@ -7,7 +7,7 @@ class BaseRefreshImageTest(unittest.TestCase): def setUp(self): - self.image = "{0}confluentinc/cp-base-refresh:{1}".format(os.environ["DOCKER_REGISTRY"], os.environ["DOCKER_TAG"]) + self.image = "{0}confluentinc/cp-base-jre17:{1}".format(os.environ["DOCKER_REGISTRY"], os.environ["DOCKER_TAG"]) def test_image_build(self): self.assertTrue(utils.image_exists(self.image)) From 1a10982f5fc07fa59c476f5c4bd327d661b31d65 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Wed, 22 Jan 2025 10:52:40 +0530 Subject: [PATCH 28/49] removed docker file from base --- base/Docker-refresh | 32 -------------------------------- 1 file changed, 32 deletions(-) delete mode 100644 base/Docker-refresh diff --git a/base/Docker-refresh b/base/Docker-refresh deleted file mode 100644 index ae953d7545..0000000000 --- a/base/Docker-refresh +++ /dev/null @@ -1,32 +0,0 @@ -ARG MICRODIR=/microdir -ARG PACKAGES_TO_INSTALL="temurin-17-jre shadow-utils" - -FROM registry.access.redhat.com/ubi8 AS BUILD -ARG MICRODIR -ARG PACKAGES_TO_INSTALL -RUN mkdir ${MICRODIR} - -RUN printf "[temurin-jre] \n\ -name=temurin-jre \n\ -baseurl=https://packages.adoptium.net/artifactory/rpm/rhel/\$releasever/\$basearch \n\ -enabled=1 \n\ -gpgcheck=1 \n\ -gpgkey=https://packages.adoptium.net/artifactory/api/gpg/key/public \n\ -" > /etc/yum.repos.d/adoptium.repo - -RUN yum --nodocs install -y --setopt=install_weak_deps=False ${PACKAGES_TO_INSTALL} - -RUN yum clean all - -FROM registry.access.redhat.com/ubi8-micro AS REFRESH -ARG MICRODIR -COPY --from=BUILD /usr/lib/jvm/temurin-17-jre/ ${MICRODIR}/jre/ - -ENV PATH="${MICRODIR}/jre/bin:${PATH}" - -RUN echo "appuser:x:1001:1001::/home/appuser:/bin/sh" >> /etc/passwd && \ - mkdir -p /home/appuser && \ - chown 1001:1001 /home/appuser - -USER appuser -WORKDIR /home/appuser From e4e9987359328c91fd29dae59aecb0e348e49b63 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Mon, 27 Jan 2025 16:07:54 +0530 Subject: [PATCH 29/49] base files for docker image --- base-java/Dockerfile.ubi8 | 99 +++++++++++++++++++ {base-lite => base-java}/README.md | 0 .../include/etc/confluent/docker/bash-config | 0 .../etc/confluent/docker/mesos-setup.sh | 0 .../etc/cp-base-java}/log4j.properties | 0 {base-lite => base-java}/license.txt | 0 base-java/package_dedupe/package_dedupe.go | 68 +++++++++++++ {base-lite => base-java}/pom.xml | 0 {base-lite => base-java}/requirements.txt | 0 {base-lite => base-java}/setup.py | 0 .../test/test_base_lite_image.py | 0 {base-lite => base-java}/tox.ini | 0 {base-lite => base-java}/ub/go.mod | 0 {base-lite => base-java}/ub/go.sum | 0 .../ub/testResources/sampleFile | 0 .../ub/testResources/sampleFile2 | 0 .../ub/testResources/sampleLog4j.template | 0 {base-lite => base-java}/ub/ub.go | 0 {base-lite => base-java}/ub/ub_test.go | 0 base-lite/Dockerfile.ubi8 | 99 ------------------- 20 files changed, 167 insertions(+), 99 deletions(-) create mode 100644 base-java/Dockerfile.ubi8 rename {base-lite => base-java}/README.md (100%) rename {base-lite => base-java}/include/etc/confluent/docker/bash-config (100%) rename {base-lite => base-java}/include/etc/confluent/docker/mesos-setup.sh (100%) rename {base-lite/include/etc/cp-base-lite => base-java/include/etc/cp-base-java}/log4j.properties (100%) rename {base-lite => base-java}/license.txt (100%) create mode 100644 base-java/package_dedupe/package_dedupe.go rename {base-lite => base-java}/pom.xml (100%) rename {base-lite => base-java}/requirements.txt (100%) rename {base-lite => base-java}/setup.py (100%) rename {base-lite => base-java}/test/test_base_lite_image.py (100%) rename {base-lite => base-java}/tox.ini (100%) rename {base-lite => base-java}/ub/go.mod (100%) rename {base-lite => base-java}/ub/go.sum (100%) rename {base-lite => base-java}/ub/testResources/sampleFile (100%) rename {base-lite => base-java}/ub/testResources/sampleFile2 (100%) rename {base-lite => base-java}/ub/testResources/sampleLog4j.template (100%) rename {base-lite => base-java}/ub/ub.go (100%) rename {base-lite => base-java}/ub/ub_test.go (100%) diff --git a/base-java/Dockerfile.ubi8 b/base-java/Dockerfile.ubi8 new file mode 100644 index 0000000000..9dbe65264d --- /dev/null +++ b/base-java/Dockerfile.ubi8 @@ -0,0 +1,99 @@ +# +# Copyright 2017 Confluent Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ARG UBI_MINIMAL_VERSION="latest" +ARG GOLANG_VERSION + +FROM golang:${GOLANG_VERSION} AS build-ub +WORKDIR /build +RUN useradd --no-log-init --create-home --shell /bin/bash appuser +COPY --chown=appuser:appuser ub/ ./ +RUN go build -ldflags="-w -s" ./ub.go +USER appuser +RUN go test ./... + +FROM registry.access.redhat.com/ubi8/ubi-minimal:${UBI_MINIMAL_VERSION} + +ARG PROJECT_VERSION +ARG ARTIFACT_ID + +# Remember where we came from +LABEL io.confluent.docker.git.repo="confluentinc/common-docker" + +ARG GIT_COMMIT +LABEL io.confluent.docker.git.id=$GIT_COMMIT + +ARG BUILD_NUMBER=-1 +LABEL io.confluent.docker.build.number=$BUILD_NUMBER + +LABEL maintainer="tools@confluent.io" +LABEL vendor="Confluent" +LABEL version=$GIT_COMMIT +LABEL release=$PROJECT_VERSION +LABEL name=$ARTIFACT_ID +LABEL summary="Common base image for new Confluent lightweight Docker images." +LABEL description="Common base image for Confluent lightweight Docker images." +LABEL io.confluent.docker=true + +# This affects how strings in Java class files are interpreted. We want UTF-8 and this is the only locale in the +# base image that supports it +ENV LANG="C.UTF-8" + +# Temurin JDK version +ARG TEMURIN_JDK_VERSION="" + +ENV UB_CLASSPATH=/usr/share/java/cp-base-lite/* + +RUN printf "[temurin-jdk] \n\ +name=temurin-jdk \n\ +baseurl=https://packages.adoptium.net/artifactory/rpm/rhel/\$releasever/\$basearch \n\ +enabled=1 \n\ +gpgcheck=1 \n\ +gpgkey=https://packages.adoptium.net/artifactory/api/gpg/key/public \n\ +" > /etc/yum.repos.d/adoptium.repo + +RUN microdnf --nodocs install yum \ + && yum --nodocs update -y \ + && yum --nodocs install -y --setopt=install_weak_deps=False \ + "curl${CURL_VERSION}" \ + "temurin-17-jre${TEMURIN_JDK_VERSION}" \ + && microdnf clean all \ + && yum clean all \ + && rm -rf /tmp/* \ + && mkdir -p /etc/confluent/docker /usr/logs \ + && useradd --no-log-init --create-home --shell /bin/bash appuser \ + && chown appuser:appuser -R /etc/confluent/ /usr/logs + +# This is a step that will cause the build to fail of the package manager detects a package update is availible and isn't installed. +# The ARG SKIP_SECURITY_UPDATE_CHECK is an "escape" hatch if you want to by-pass this check and build the container anyways, which +# is not advisable in terms of security posture. If set to false (which triggers a shell exit(1) if the check fails from the left +# hand of ||) this check will fail. If true (which triggers a right-hand || shell exit(0)), then this check will pass even if a +# security update is availible. We skip checks from TemurinJDK repos because Confluent pins those upstream versions for various reasons +# such as identified bugs in TemurinJDK's software. +ARG SKIP_SECURITY_UPDATE_CHECK="false" +RUN yum --disablerepo="temurin-jdk" check-update || "${SKIP_SECURITY_UPDATE_CHECK}" + +COPY --chown=appuser:appuser target/${ARTIFACT_ID}-${PROJECT_VERSION}-package/share/doc/* /usr/share/doc/${ARTIFACT_ID}/ +COPY --chown=appuser:appuser target/${ARTIFACT_ID}-${PROJECT_VERSION}-package/share/java/${ARTIFACT_ID}/* /usr/share/java/${ARTIFACT_ID}/ + +COPY --chown=appuser:appuser include/etc/confluent/docker /etc/confluent/docker +COPY --chown=appuser:appuser include/etc/cp-base-lite /etc/cp-base-lite +COPY --from=build-ub /build/ub /usr/bin + +RUN mkdir /licenses +COPY license.txt /licenses + +USER appuser +WORKDIR /home/appuser diff --git a/base-lite/README.md b/base-java/README.md similarity index 100% rename from base-lite/README.md rename to base-java/README.md diff --git a/base-lite/include/etc/confluent/docker/bash-config b/base-java/include/etc/confluent/docker/bash-config similarity index 100% rename from base-lite/include/etc/confluent/docker/bash-config rename to base-java/include/etc/confluent/docker/bash-config diff --git a/base-lite/include/etc/confluent/docker/mesos-setup.sh b/base-java/include/etc/confluent/docker/mesos-setup.sh similarity index 100% rename from base-lite/include/etc/confluent/docker/mesos-setup.sh rename to base-java/include/etc/confluent/docker/mesos-setup.sh diff --git a/base-lite/include/etc/cp-base-lite/log4j.properties b/base-java/include/etc/cp-base-java/log4j.properties similarity index 100% rename from base-lite/include/etc/cp-base-lite/log4j.properties rename to base-java/include/etc/cp-base-java/log4j.properties diff --git a/base-lite/license.txt b/base-java/license.txt similarity index 100% rename from base-lite/license.txt rename to base-java/license.txt diff --git a/base-java/package_dedupe/package_dedupe.go b/base-java/package_dedupe/package_dedupe.go new file mode 100644 index 0000000000..7af27b59d4 --- /dev/null +++ b/base-java/package_dedupe/package_dedupe.go @@ -0,0 +1,68 @@ +package main + +import ( + "crypto/sha1" + + "fmt" + + "io" + "log" + "os" + "path/filepath" +) + +func dedupe_packages(rootPath string) { + sha2path := make(map[string]string) + err := filepath.Walk(rootPath, func(path string, info os.FileInfo, err error) error { + if err != nil { + return err + } + if info.IsDir() || info.Mode()&os.ModeSymlink != 0 { + return nil + } + sha, err := shaSum(path) + if err != nil { + return err + } + if orig, exists := sha2path[sha]; exists { + relPath, err := filepath.Rel(filepath.Dir(path), orig) + if err != nil { + return err + } + os.Remove(path) + err = os.Symlink(relPath, path) + if err != nil { + return err + } + log.Printf("DEDUP: ln -sf %s %s\n", orig, path) + } else { + sha2path[sha] = path + } + return nil + }) + if err != nil { + log.Fatal(err) + } +} + +func shaSum(path string) (string, error) { + file, err := os.Open(path) + if err != nil { + return "", err + } + defer file.Close() + hash := sha1.New() + if _, err := io.Copy(hash, file); err != nil { + return "", err + } + return fmt.Sprintf("%x", hash.Sum(nil)), nil +} + +func main() { + if len(os.Args) != 2 { + fmt.Println("Usage: dedupe_packages ") + os.Exit(1) + } + basePath := os.Args[1] + dedupe_packages(basePath) +} \ No newline at end of file diff --git a/base-lite/pom.xml b/base-java/pom.xml similarity index 100% rename from base-lite/pom.xml rename to base-java/pom.xml diff --git a/base-lite/requirements.txt b/base-java/requirements.txt similarity index 100% rename from base-lite/requirements.txt rename to base-java/requirements.txt diff --git a/base-lite/setup.py b/base-java/setup.py similarity index 100% rename from base-lite/setup.py rename to base-java/setup.py diff --git a/base-lite/test/test_base_lite_image.py b/base-java/test/test_base_lite_image.py similarity index 100% rename from base-lite/test/test_base_lite_image.py rename to base-java/test/test_base_lite_image.py diff --git a/base-lite/tox.ini b/base-java/tox.ini similarity index 100% rename from base-lite/tox.ini rename to base-java/tox.ini diff --git a/base-lite/ub/go.mod b/base-java/ub/go.mod similarity index 100% rename from base-lite/ub/go.mod rename to base-java/ub/go.mod diff --git a/base-lite/ub/go.sum b/base-java/ub/go.sum similarity index 100% rename from base-lite/ub/go.sum rename to base-java/ub/go.sum diff --git a/base-lite/ub/testResources/sampleFile b/base-java/ub/testResources/sampleFile similarity index 100% rename from base-lite/ub/testResources/sampleFile rename to base-java/ub/testResources/sampleFile diff --git a/base-lite/ub/testResources/sampleFile2 b/base-java/ub/testResources/sampleFile2 similarity index 100% rename from base-lite/ub/testResources/sampleFile2 rename to base-java/ub/testResources/sampleFile2 diff --git a/base-lite/ub/testResources/sampleLog4j.template b/base-java/ub/testResources/sampleLog4j.template similarity index 100% rename from base-lite/ub/testResources/sampleLog4j.template rename to base-java/ub/testResources/sampleLog4j.template diff --git a/base-lite/ub/ub.go b/base-java/ub/ub.go similarity index 100% rename from base-lite/ub/ub.go rename to base-java/ub/ub.go diff --git a/base-lite/ub/ub_test.go b/base-java/ub/ub_test.go similarity index 100% rename from base-lite/ub/ub_test.go rename to base-java/ub/ub_test.go diff --git a/base-lite/Dockerfile.ubi8 b/base-lite/Dockerfile.ubi8 index 9dbe65264d..e69de29bb2 100644 --- a/base-lite/Dockerfile.ubi8 +++ b/base-lite/Dockerfile.ubi8 @@ -1,99 +0,0 @@ -# -# Copyright 2017 Confluent Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -ARG UBI_MINIMAL_VERSION="latest" -ARG GOLANG_VERSION - -FROM golang:${GOLANG_VERSION} AS build-ub -WORKDIR /build -RUN useradd --no-log-init --create-home --shell /bin/bash appuser -COPY --chown=appuser:appuser ub/ ./ -RUN go build -ldflags="-w -s" ./ub.go -USER appuser -RUN go test ./... - -FROM registry.access.redhat.com/ubi8/ubi-minimal:${UBI_MINIMAL_VERSION} - -ARG PROJECT_VERSION -ARG ARTIFACT_ID - -# Remember where we came from -LABEL io.confluent.docker.git.repo="confluentinc/common-docker" - -ARG GIT_COMMIT -LABEL io.confluent.docker.git.id=$GIT_COMMIT - -ARG BUILD_NUMBER=-1 -LABEL io.confluent.docker.build.number=$BUILD_NUMBER - -LABEL maintainer="tools@confluent.io" -LABEL vendor="Confluent" -LABEL version=$GIT_COMMIT -LABEL release=$PROJECT_VERSION -LABEL name=$ARTIFACT_ID -LABEL summary="Common base image for new Confluent lightweight Docker images." -LABEL description="Common base image for Confluent lightweight Docker images." -LABEL io.confluent.docker=true - -# This affects how strings in Java class files are interpreted. We want UTF-8 and this is the only locale in the -# base image that supports it -ENV LANG="C.UTF-8" - -# Temurin JDK version -ARG TEMURIN_JDK_VERSION="" - -ENV UB_CLASSPATH=/usr/share/java/cp-base-lite/* - -RUN printf "[temurin-jdk] \n\ -name=temurin-jdk \n\ -baseurl=https://packages.adoptium.net/artifactory/rpm/rhel/\$releasever/\$basearch \n\ -enabled=1 \n\ -gpgcheck=1 \n\ -gpgkey=https://packages.adoptium.net/artifactory/api/gpg/key/public \n\ -" > /etc/yum.repos.d/adoptium.repo - -RUN microdnf --nodocs install yum \ - && yum --nodocs update -y \ - && yum --nodocs install -y --setopt=install_weak_deps=False \ - "curl${CURL_VERSION}" \ - "temurin-17-jre${TEMURIN_JDK_VERSION}" \ - && microdnf clean all \ - && yum clean all \ - && rm -rf /tmp/* \ - && mkdir -p /etc/confluent/docker /usr/logs \ - && useradd --no-log-init --create-home --shell /bin/bash appuser \ - && chown appuser:appuser -R /etc/confluent/ /usr/logs - -# This is a step that will cause the build to fail of the package manager detects a package update is availible and isn't installed. -# The ARG SKIP_SECURITY_UPDATE_CHECK is an "escape" hatch if you want to by-pass this check and build the container anyways, which -# is not advisable in terms of security posture. If set to false (which triggers a shell exit(1) if the check fails from the left -# hand of ||) this check will fail. If true (which triggers a right-hand || shell exit(0)), then this check will pass even if a -# security update is availible. We skip checks from TemurinJDK repos because Confluent pins those upstream versions for various reasons -# such as identified bugs in TemurinJDK's software. -ARG SKIP_SECURITY_UPDATE_CHECK="false" -RUN yum --disablerepo="temurin-jdk" check-update || "${SKIP_SECURITY_UPDATE_CHECK}" - -COPY --chown=appuser:appuser target/${ARTIFACT_ID}-${PROJECT_VERSION}-package/share/doc/* /usr/share/doc/${ARTIFACT_ID}/ -COPY --chown=appuser:appuser target/${ARTIFACT_ID}-${PROJECT_VERSION}-package/share/java/${ARTIFACT_ID}/* /usr/share/java/${ARTIFACT_ID}/ - -COPY --chown=appuser:appuser include/etc/confluent/docker /etc/confluent/docker -COPY --chown=appuser:appuser include/etc/cp-base-lite /etc/cp-base-lite -COPY --from=build-ub /build/ub /usr/bin - -RUN mkdir /licenses -COPY license.txt /licenses - -USER appuser -WORKDIR /home/appuser From db004c4624c33effc741d416f0c615d53b45d7ce Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Mon, 27 Jan 2025 16:10:00 +0530 Subject: [PATCH 30/49] dockefile for cp-base-java and pom --- base-java/Dockerfile.ubi8 | 95 +++++++++++++++------------------------ base-java/pom.xml | 2 +- 2 files changed, 38 insertions(+), 59 deletions(-) diff --git a/base-java/Dockerfile.ubi8 b/base-java/Dockerfile.ubi8 index 9dbe65264d..2f55f549fd 100644 --- a/base-java/Dockerfile.ubi8 +++ b/base-java/Dockerfile.ubi8 @@ -1,31 +1,38 @@ -# -# Copyright 2017 Confluent Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -ARG UBI_MINIMAL_VERSION="latest" +ARG MICRODIR=/microdir +ARG UBI_MICRO_VERSION=8.10-13 +ARG TEMURIN_JDK_VERSION="21.0.6.0.0.7-1" +ARG DOCKER_UPSTREAM_REGISTRY="519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/prod/" +ARG DOCKER_UPSTREAM_TAG ARG GOLANG_VERSION +ARG UBI_MINIMAL_VERSION="latest" +ARG UBI9_MINIMAL_VERSION="latest" -FROM golang:${GOLANG_VERSION} AS build-ub +FROM docker.io/golang:${GOLANG_VERSION} AS build-ub-package-dedupe WORKDIR /build RUN useradd --no-log-init --create-home --shell /bin/bash appuser COPY --chown=appuser:appuser ub/ ./ RUN go build -ldflags="-w -s" ./ub.go USER appuser RUN go test ./... +COPY --chown=appuser:appuser package_dedupe/package_dedupe.go ./ +USER root +RUN go build -ldflags="-w -s" ./package_dedupe.go + +FROM registry.access.redhat.com/ubi8 AS BUILD + +RUN printf "[temurin-jre] \n\ +name=temurin-jre \n\ +baseurl=https://packages.adoptium.net/artifactory/rpm/rhel/\$releasever/\$basearch \n\ +enabled=1 \n\ +gpgcheck=1 \n\ +gpgkey=https://packages.adoptium.net/artifactory/api/gpg/key/public \n\ +" > /etc/yum.repos.d/adoptium.repo +RUN echo "installing temurin-21-jre:${TEMURIN_JDK_VERSION}" +RUN yum --nodocs install -y --setopt=install_weak_deps=False temurin-21-jre -FROM registry.access.redhat.com/ubi8/ubi-minimal:${UBI_MINIMAL_VERSION} +RUN yum clean all +FROM registry.access.redhat.com/ubi9-minimal:${UBI9_MINIMAL_VERSION} AS REFRESH ARG PROJECT_VERSION ARG ARTIFACT_ID @@ -46,54 +53,26 @@ LABEL name=$ARTIFACT_ID LABEL summary="Common base image for new Confluent lightweight Docker images." LABEL description="Common base image for Confluent lightweight Docker images." LABEL io.confluent.docker=true - # This affects how strings in Java class files are interpreted. We want UTF-8 and this is the only locale in the # base image that supports it ENV LANG="C.UTF-8" -# Temurin JDK version -ARG TEMURIN_JDK_VERSION="" - -ENV UB_CLASSPATH=/usr/share/java/cp-base-lite/* - -RUN printf "[temurin-jdk] \n\ -name=temurin-jdk \n\ -baseurl=https://packages.adoptium.net/artifactory/rpm/rhel/\$releasever/\$basearch \n\ -enabled=1 \n\ -gpgcheck=1 \n\ -gpgkey=https://packages.adoptium.net/artifactory/api/gpg/key/public \n\ -" > /etc/yum.repos.d/adoptium.repo - -RUN microdnf --nodocs install yum \ - && yum --nodocs update -y \ - && yum --nodocs install -y --setopt=install_weak_deps=False \ - "curl${CURL_VERSION}" \ - "temurin-17-jre${TEMURIN_JDK_VERSION}" \ - && microdnf clean all \ - && yum clean all \ - && rm -rf /tmp/* \ - && mkdir -p /etc/confluent/docker /usr/logs \ - && useradd --no-log-init --create-home --shell /bin/bash appuser \ - && chown appuser:appuser -R /etc/confluent/ /usr/logs +#ARG MICRODIR +COPY --from=BUILD /usr/lib/jvm/temurin-21-jre/ usr/lib +COPY --from=build-ub-package-dedupe /build/package_dedupe /usr/lib/bin/package_dedupe +COPY --from=build-ub-package-dedupe /build/ub /usr/bin -# This is a step that will cause the build to fail of the package manager detects a package update is availible and isn't installed. -# The ARG SKIP_SECURITY_UPDATE_CHECK is an "escape" hatch if you want to by-pass this check and build the container anyways, which -# is not advisable in terms of security posture. If set to false (which triggers a shell exit(1) if the check fails from the left -# hand of ||) this check will fail. If true (which triggers a right-hand || shell exit(0)), then this check will pass even if a -# security update is availible. We skip checks from TemurinJDK repos because Confluent pins those upstream versions for various reasons -# such as identified bugs in TemurinJDK's software. -ARG SKIP_SECURITY_UPDATE_CHECK="false" -RUN yum --disablerepo="temurin-jdk" check-update || "${SKIP_SECURITY_UPDATE_CHECK}" +ENV PATH="/usr/lib/bin:${PATH}" -COPY --chown=appuser:appuser target/${ARTIFACT_ID}-${PROJECT_VERSION}-package/share/doc/* /usr/share/doc/${ARTIFACT_ID}/ -COPY --chown=appuser:appuser target/${ARTIFACT_ID}-${PROJECT_VERSION}-package/share/java/${ARTIFACT_ID}/* /usr/share/java/${ARTIFACT_ID}/ +RUN echo "appuser:x:1001:1001::/home/appuser:/bin/sh" >> /etc/passwd && \ + mkdir -p /home/appuser && \ + chown 1001:1001 /home/appuser -COPY --chown=appuser:appuser include/etc/confluent/docker /etc/confluent/docker -COPY --chown=appuser:appuser include/etc/cp-base-lite /etc/cp-base-lite -COPY --from=build-ub /build/ub /usr/bin +COPY target/${ARTIFACT_ID}-${PROJECT_VERSION}-package/share/doc/* /usr/share/doc/${ARTIFACT_ID}/ +COPY target/${ARTIFACT_ID}-${PROJECT_VERSION}-package/share/java/${ARTIFACT_ID}/* /usr/share/java/${ARTIFACT_ID}/ -RUN mkdir /licenses -COPY license.txt /licenses +RUN cd /usr/share/java \ + && package_dedupe $(pwd) USER appuser WORKDIR /home/appuser diff --git a/base-java/pom.xml b/base-java/pom.xml index c77dccaf3f..d2a3cf65ee 100644 --- a/base-java/pom.xml +++ b/base-java/pom.xml @@ -28,7 +28,7 @@ pom - cp-base-lite + cp-base-java Base for new Confluent lightweight Docker images ${project.artifactId} From 2bc7e3b8d053281b87980b7d963b69ca52f66be7 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Mon, 27 Jan 2025 16:11:29 +0530 Subject: [PATCH 31/49] remove cp-base-jre17 --- cp-base-jre17/Dockerfile.ubi8 | 75 ----------- .../include/etc/confluent/docker/bash-config | 23 ---- .../etc/confluent/docker/mesos-setup.sh | 27 ---- .../include/etc/cp-base-new/log4j.properties | 28 ---- .../package_dedupe/package_dedupe.go | 68 ---------- cp-base-jre17/pom.xml | 121 ------------------ cp-base-jre17/requirements.txt | 1 - cp-base-jre17/setup.py | 23 ---- cp-base-jre17/test/test_refresh_image.py | 28 ---- cp-base-jre17/tox.ini | 41 ------ 10 files changed, 435 deletions(-) delete mode 100644 cp-base-jre17/Dockerfile.ubi8 delete mode 100644 cp-base-jre17/include/etc/confluent/docker/bash-config delete mode 100644 cp-base-jre17/include/etc/confluent/docker/mesos-setup.sh delete mode 100644 cp-base-jre17/include/etc/cp-base-new/log4j.properties delete mode 100644 cp-base-jre17/package_dedupe/package_dedupe.go delete mode 100644 cp-base-jre17/pom.xml delete mode 100644 cp-base-jre17/requirements.txt delete mode 100644 cp-base-jre17/setup.py delete mode 100644 cp-base-jre17/test/test_refresh_image.py delete mode 100644 cp-base-jre17/tox.ini diff --git a/cp-base-jre17/Dockerfile.ubi8 b/cp-base-jre17/Dockerfile.ubi8 deleted file mode 100644 index 325f2858c1..0000000000 --- a/cp-base-jre17/Dockerfile.ubi8 +++ /dev/null @@ -1,75 +0,0 @@ -ARG MICRODIR=/microdir -ARG UBI_MICRO_VERSION=8.10-13 -ARG TEMURIN_JDK_VERSION="17.0.13.0.0.11-2" -ARG DOCKER_UPSTREAM_REGISTRY="519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/prod/" -ARG DOCKER_UPSTREAM_TAG -ARG GOLANG_VERSION -ARG UBI_MINIMAL_VERSION="latest" -ARG UBI9_MINIMAL_VERSION="latest" - -FROM docker.io/golang:${GOLANG_VERSION} AS build_package_dedupe -WORKDIR /build -RUN useradd --no-log-init --create-home --shell /bin/bash appuser -COPY --chown=appuser:appuser package_dedupe/package_dedupe.go ./ -RUN go build -ldflags="-w -s" ./package_dedupe.go - -FROM registry.access.redhat.com/ubi8 AS BUILD - -RUN printf "[temurin-jre] \n\ -name=temurin-jre \n\ -baseurl=https://packages.adoptium.net/artifactory/rpm/rhel/\$releasever/\$basearch \n\ -enabled=1 \n\ -gpgcheck=1 \n\ -gpgkey=https://packages.adoptium.net/artifactory/api/gpg/key/public \n\ -" > /etc/yum.repos.d/adoptium.repo -RUN echo "installing temurin-17-jre:${TEMURIN_JDK_VERSION}" -RUN yum --nodocs install -y --setopt=install_weak_deps=False temurin-17-jre - -RUN yum clean all - -FROM 519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/prod/confluentinc/cp-base-lite:7.9.x-latest-ubi8 AS BASE-LITE - -FROM registry.access.redhat.com/ubi9-minimal:${UBI9_MINIMAL_VERSION} AS REFRESH -ARG PROJECT_VERSION -ARG ARTIFACT_ID - -# Remember where we came from -LABEL io.confluent.docker.git.repo="confluentinc/common-docker" - -ARG GIT_COMMIT -LABEL io.confluent.docker.git.id=$GIT_COMMIT - -ARG BUILD_NUMBER=-1 -LABEL io.confluent.docker.build.number=$BUILD_NUMBER - -LABEL maintainer="tools@confluent.io" -LABEL vendor="Confluent" -LABEL version=$GIT_COMMIT -LABEL release=$PROJECT_VERSION -LABEL name=$ARTIFACT_ID -LABEL summary="Common base image for new Confluent lightweight Docker images." -LABEL description="Common base image for Confluent lightweight Docker images." -LABEL io.confluent.docker=true -# This affects how strings in Java class files are interpreted. We want UTF-8 and this is the only locale in the -# base image that supports it -ENV LANG="C.UTF-8" - -#ARG MICRODIR -COPY --from=BUILD /usr/lib/jvm/temurin-17-jre/ usr/lib -COPY --from=BASE-LITE /usr/bin /usr/bin -COPY --from=build_package_dedupe /build/package_dedupe /usr/lib/bin/package_dedupe - -ENV PATH="/usr/lib/bin:${PATH}" - -RUN echo "appuser:x:1001:1001::/home/appuser:/bin/sh" >> /etc/passwd && \ - mkdir -p /home/appuser && \ - chown 1001:1001 /home/appuser - -COPY target/${ARTIFACT_ID}-${PROJECT_VERSION}-package/share/doc/* /usr/share/doc/${ARTIFACT_ID}/ -COPY target/${ARTIFACT_ID}-${PROJECT_VERSION}-package/share/java/${ARTIFACT_ID}/* /usr/share/java/${ARTIFACT_ID}/ - -RUN cd /usr/share/java \ - && package_dedupe $(pwd) - -USER appuser -WORKDIR /home/appuser diff --git a/cp-base-jre17/include/etc/confluent/docker/bash-config b/cp-base-jre17/include/etc/confluent/docker/bash-config deleted file mode 100644 index 43c08d9b50..0000000000 --- a/cp-base-jre17/include/etc/confluent/docker/bash-config +++ /dev/null @@ -1,23 +0,0 @@ -# -# Copyright 2018 Confluent Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -o nounset \ - -o errexit - -# Trace may expose passwords/credentials by printing them to stdout, so turn on with care. -if [ "${TRACE:-}" == "true" ]; then - set -o verbose \ - -o xtrace -fi diff --git a/cp-base-jre17/include/etc/confluent/docker/mesos-setup.sh b/cp-base-jre17/include/etc/confluent/docker/mesos-setup.sh deleted file mode 100644 index b3874daf6d..0000000000 --- a/cp-base-jre17/include/etc/confluent/docker/mesos-setup.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/env bash - -set +o nounset - -if [ -z $SKIP_MESOS_AUTO_SETUP ]; then - if [ -n $MESOS_SANDBOX ] && [ -e $MESOS_SANDBOX/.ssl/scheduler.crt ] && [ -e $MESOS_SANDBOX/.ssl/scheduler.key ]; then - echo "Entering Mesos auto setup for Java SSL truststore. You should not see this if you are not on mesos ..." - - openssl pkcs12 -export -in $MESOS_SANDBOX/.ssl/scheduler.crt -inkey $MESOS_SANDBOX/.ssl/scheduler.key \ - -out /tmp/keypair.p12 -name keypair \ - -CAfile $MESOS_SANDBOX/.ssl/ca-bundle.crt -caname root -passout pass:export - - keytool -importkeystore \ - -deststorepass changeit -destkeypass changeit -destkeystore /tmp/kafka-keystore.jks \ - -srckeystore /tmp/keypair.p12 -srcstoretype PKCS12 -srcstorepass export \ - -alias keypair - - keytool -import \ - -trustcacerts \ - -alias root \ - -file $MESOS_SANDBOX/.ssl/ca-bundle.crt \ - -storepass changeit \ - -keystore /tmp/kafka-truststore.jks -noprompt - fi -fi - -set -o nounset diff --git a/cp-base-jre17/include/etc/cp-base-new/log4j.properties b/cp-base-jre17/include/etc/cp-base-new/log4j.properties deleted file mode 100644 index 40fd0b7329..0000000000 --- a/cp-base-jre17/include/etc/cp-base-new/log4j.properties +++ /dev/null @@ -1,28 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one or more -# contributor license agreements. See the NOTICE file distributed with -# this work for additional information regarding copyright ownership. -# The ASF licenses this file to You under the Apache License, Version 2.0 -# (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -log4j.rootLogger=OFF - -# Only log errors from Kafka and ZKClient -log4j.logger.org.apache.kafka=ERROR -log4j.logger.org.I0Itec.zkclient.ZkClient=ERROR - -# Log informational messages from the CLI and Zookeeper -log4j.logger.io.confluent.admin.utils=INFO, stderr -log4j.logger.org.apache.zookeeper=INFO, stderr -# STDERR Appender -log4j.appender.stderr=org.apache.log4j.ConsoleAppender -log4j.appender.stderr.layout=org.apache.log4j.PatternLayout -log4j.appender.stderr.Target=System.err -log4j.appender.stderr.layout.ConversionPattern=%m%n diff --git a/cp-base-jre17/package_dedupe/package_dedupe.go b/cp-base-jre17/package_dedupe/package_dedupe.go deleted file mode 100644 index 7af27b59d4..0000000000 --- a/cp-base-jre17/package_dedupe/package_dedupe.go +++ /dev/null @@ -1,68 +0,0 @@ -package main - -import ( - "crypto/sha1" - - "fmt" - - "io" - "log" - "os" - "path/filepath" -) - -func dedupe_packages(rootPath string) { - sha2path := make(map[string]string) - err := filepath.Walk(rootPath, func(path string, info os.FileInfo, err error) error { - if err != nil { - return err - } - if info.IsDir() || info.Mode()&os.ModeSymlink != 0 { - return nil - } - sha, err := shaSum(path) - if err != nil { - return err - } - if orig, exists := sha2path[sha]; exists { - relPath, err := filepath.Rel(filepath.Dir(path), orig) - if err != nil { - return err - } - os.Remove(path) - err = os.Symlink(relPath, path) - if err != nil { - return err - } - log.Printf("DEDUP: ln -sf %s %s\n", orig, path) - } else { - sha2path[sha] = path - } - return nil - }) - if err != nil { - log.Fatal(err) - } -} - -func shaSum(path string) (string, error) { - file, err := os.Open(path) - if err != nil { - return "", err - } - defer file.Close() - hash := sha1.New() - if _, err := io.Copy(hash, file); err != nil { - return "", err - } - return fmt.Sprintf("%x", hash.Sum(nil)), nil -} - -func main() { - if len(os.Args) != 2 { - fmt.Println("Usage: dedupe_packages ") - os.Exit(1) - } - basePath := os.Args[1] - dedupe_packages(basePath) -} \ No newline at end of file diff --git a/cp-base-jre17/pom.xml b/cp-base-jre17/pom.xml deleted file mode 100644 index 97344a0c86..0000000000 --- a/cp-base-jre17/pom.xml +++ /dev/null @@ -1,121 +0,0 @@ - - - - - 4.0.0 - - - io.confluent - common-docker - 8.0.0-0 - - - pom - - cp-base-jre17 - - Refreshed Base for Confluent Docker images - ${project.artifactId} - - - false - false - true - - - - - io.confluent - utility-belt - ${io.confluent.common-docker.version} - - - junit - junit - ${junit.version} - test - - - - - - - maven-resources-plugin - ${maven-resources-plugin.version} - - - copy-resources - compile - - copy-resources - - - true - target - - - ${basedir}/../docker-utils/target - - docker-utils-${CONFLUENT_VERSION}-jar-with-dependencies.jar - - - - - - - - - com.spotify - dockerfile-maven-plugin - - - ${ubi.image.version} - ${ubi9.image.version} - ${ubi.micro.image.version} - -${ubi.temurin.jdk.version} - ${docker.skip-security-update-check} - ${golang.version} - - - - - io.fabric8 - docker-maven-plugin - 0.43.4 - - - - - - ${ubi.image.version} - ${ubi.micro.image.version} - -${ubi.temurin.jdk.version} - - ${docker.skip-security-update-check} - - ${golang.version} - - - - - - - - - diff --git a/cp-base-jre17/requirements.txt b/cp-base-jre17/requirements.txt deleted file mode 100644 index 879b1e1d13..0000000000 --- a/cp-base-jre17/requirements.txt +++ /dev/null @@ -1 +0,0 @@ -git+https://github.com/confluentinc/confluent-docker-utils@v0.0.96 diff --git a/cp-base-jre17/setup.py b/cp-base-jre17/setup.py deleted file mode 100644 index 9c69fc03cc..0000000000 --- a/cp-base-jre17/setup.py +++ /dev/null @@ -1,23 +0,0 @@ -from setuptools import setup - - -setup( - name='common-tests', - version='4.1.0', - - author="Confluent, Inc.", - - description='Docker image tests', - - url="https://github.com/confluentinc/common", - - dependency_links=open('requirements.txt').read().split("\n"), - - packages=['test'], - - include_package_data=True, - - python_requires='>=2.7', - setup_requires=['setuptools-git'], - -) diff --git a/cp-base-jre17/test/test_refresh_image.py b/cp-base-jre17/test/test_refresh_image.py deleted file mode 100644 index f20a64b08a..0000000000 --- a/cp-base-jre17/test/test_refresh_image.py +++ /dev/null @@ -1,28 +0,0 @@ -import os -import unittest - -import confluent.docker_utils as utils - - -class BaseRefreshImageTest(unittest.TestCase): - - def setUp(self): - self.image = "{0}confluentinc/cp-base-jre17:{1}".format(os.environ["DOCKER_REGISTRY"], os.environ["DOCKER_TAG"]) - - def test_image_build(self): - self.assertTrue(utils.image_exists(self.image)) - - def test_jre_17_installed(self): - jre_cmd = "java --version" - result = utils.run_docker_command(image=self.image, command=jre_cmd) - self.assertTrue(b'17' in result) - - def test_ub_exists(self): - self.assertTrue(utils.path_exists_in_image(self.image, "/usr/bin/ub")) - - def test_ub_runnable(self): - ub_cmd = "bash -c '/usr/bin/ub -h'" - self.assertTrue(b"utility commands" in utils.run_docker_command(image=self.image, command=ub_cmd)) - -if __name__ == '__main__': - unittest.main() \ No newline at end of file diff --git a/cp-base-jre17/tox.ini b/cp-base-jre17/tox.ini deleted file mode 100644 index af5b6fe10e..0000000000 --- a/cp-base-jre17/tox.ini +++ /dev/null @@ -1,41 +0,0 @@ -[tox] -envlist = test -toxworkdir = /var/tmp - -[testenv] -deps = - -rrequirements.txt - flake8 - pytest == 4.6.4 - pytest-xdist == 1.29.0 - pytest-cov == 2.7.1 - sphinx!=1.2b2,<2.0.0 -install_command = pip install -U {packages} -recreate = True -skipsdist = True -usedevelop = True -setenv = - PIP_PROCESS_DEPENDENCY_LINKS=1 - PIP_DEFAULT_TIMEOUT=60 - ARCHFLAGS=-Wno-error=unused-command-line-argument-hard-error-in-future -basepython = python -envdir = {toxworkdir}/confluent - -[testenv:test] -commands = - py.test --color=no {env:PYTESTARGS:} test - -[testenv:style] -commands = - flake8 --config tox.ini - -[testenv:cover] -commands = - py.test {env:PYTESTARGS:} --cov . --cov-report=xml --cov-report=html --cov-report=term test - -[flake8] -ignore = E111,E121,W292,E123,E226 -max-line-length = 160 - -[pytest] -addopts = -n 1 From adf216cb4fecd8166f4402b44416c6167fe5b746 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Mon, 27 Jan 2025 16:15:13 +0530 Subject: [PATCH 32/49] add entry for base-java --- base-lite/pom.xml | 118 ++++++++++++++++++++++++++++++++++++++++++++++ pom.xml | 2 +- 2 files changed, 119 insertions(+), 1 deletion(-) create mode 100644 base-lite/pom.xml diff --git a/base-lite/pom.xml b/base-lite/pom.xml new file mode 100644 index 0000000000..d2a3cf65ee --- /dev/null +++ b/base-lite/pom.xml @@ -0,0 +1,118 @@ + + + + + 4.0.0 + + + io.confluent + common-docker + 8.0.0-0 + + + pom + + cp-base-java + + Base for new Confluent lightweight Docker images + ${project.artifactId} + + + false + false + true + + + + + io.confluent + utility-belt + ${io.confluent.common-docker.version} + + + junit + junit + ${junit.version} + test + + + + + + + maven-resources-plugin + ${maven-resources-plugin.version} + + + copy-resources + compile + + copy-resources + + + true + target + + + ${basedir}/../docker-utils/target + + docker-utils-${CONFLUENT_VERSION}-jar-with-dependencies.jar + + + + + + + + + com.spotify + dockerfile-maven-plugin + + + ${ubi.image.version} + -${ubi.temurin.jdk.version} + ${docker.skip-security-update-check} + ${golang.version} + + + + + io.fabric8 + docker-maven-plugin + 0.43.4 + + + + + + ${ubi.image.version} + -${ubi.temurin.jdk.version} + + ${docker.skip-security-update-check} + + ${golang.version} + + + + + + + + + diff --git a/pom.xml b/pom.xml index 5a916e84b4..eb74d3cb0f 100644 --- a/pom.xml +++ b/pom.xml @@ -21,7 +21,7 @@ utility-belt docker-utils - cp-base-jre17 + base-java base base-lite jmxterm From c9c12ff658a95c3a4994e4d5e0c40345243e603c Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Mon, 27 Jan 2025 16:17:37 +0530 Subject: [PATCH 33/49] add pom.xml for base lite --- base-lite/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/base-lite/pom.xml b/base-lite/pom.xml index d2a3cf65ee..c77dccaf3f 100644 --- a/base-lite/pom.xml +++ b/base-lite/pom.xml @@ -28,7 +28,7 @@ pom - cp-base-java + cp-base-lite Base for new Confluent lightweight Docker images ${project.artifactId} From 4914e2b515c0aff333b0b6d88cf0ad73e7fd10d8 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Mon, 27 Jan 2025 16:20:14 +0530 Subject: [PATCH 34/49] add dockerfile for cp-base-lite --- base-lite/Dockerfile.ubi8 | 79 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) diff --git a/base-lite/Dockerfile.ubi8 b/base-lite/Dockerfile.ubi8 index e69de29bb2..736317514e 100644 --- a/base-lite/Dockerfile.ubi8 +++ b/base-lite/Dockerfile.ubi8 @@ -0,0 +1,79 @@ +# +# Copyright 2017 Confluent Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ARG UBI_MINIMAL_VERSION="latest" + +FROM ${DOCKER_UPSTREAM_REGISTRY}confluentinc/cp-base-java:${DOCKER_TAG} + +ARG PROJECT_VERSION +ARG ARTIFACT_ID + +# Remember where we came from +LABEL io.confluent.docker.git.repo="confluentinc/common-docker" + +ARG GIT_COMMIT +LABEL io.confluent.docker.git.id=$GIT_COMMIT + +ARG BUILD_NUMBER=-1 +LABEL io.confluent.docker.build.number=$BUILD_NUMBER + +LABEL maintainer="tools@confluent.io" +LABEL vendor="Confluent" +LABEL version=$GIT_COMMIT +LABEL release=$PROJECT_VERSION +LABEL name=$ARTIFACT_ID +LABEL summary="Common base image for new Confluent lightweight Docker images." +LABEL description="Common base image for Confluent lightweight Docker images." +LABEL io.confluent.docker=true + +# This affects how strings in Java class files are interpreted. We want UTF-8 and this is the only locale in the +# base image that supports it +ENV LANG="C.UTF-8" + +# Temurin JDK version +ARG TEMURIN_JDK_VERSION="" + +ENV UB_CLASSPATH=/usr/share/java/cp-base-lite/* + +RUN microdnf --nodocs install yum \ + && yum --nodocs update -y \ + && yum --nodocs install -y --setopt=install_weak_deps=False \ + "curl${CURL_VERSION}" \ + && microdnf clean all \ + && yum clean all \ + && rm -rf /tmp/* \ + && mkdir -p /etc/confluent/docker /usr/logs \ + && chown appuser:appuser -R /etc/confluent/ /usr/logs + +# This is a step that will cause the build to fail of the package manager detects a package update is availible and isn't installed. +# The ARG SKIP_SECURITY_UPDATE_CHECK is an "escape" hatch if you want to by-pass this check and build the container anyways, which +# is not advisable in terms of security posture. If set to false (which triggers a shell exit(1) if the check fails from the left +# hand of ||) this check will fail. If true (which triggers a right-hand || shell exit(0)), then this check will pass even if a +# security update is availible. We skip checks from TemurinJDK repos because Confluent pins those upstream versions for various reasons +# such as identified bugs in TemurinJDK's software. +ARG SKIP_SECURITY_UPDATE_CHECK="false" +RUN yum --disablerepo="temurin-jdk" check-update || "${SKIP_SECURITY_UPDATE_CHECK}" + +COPY --chown=appuser:appuser target/${ARTIFACT_ID}-${PROJECT_VERSION}-package/share/doc/* /usr/share/doc/${ARTIFACT_ID}/ +COPY --chown=appuser:appuser target/${ARTIFACT_ID}-${PROJECT_VERSION}-package/share/java/${ARTIFACT_ID}/* /usr/share/java/${ARTIFACT_ID}/ + +COPY --chown=appuser:appuser include/etc/confluent/docker /etc/confluent/docker +COPY --chown=appuser:appuser include/etc/cp-base-lite /etc/cp-base-lite + +RUN mkdir /licenses +COPY license.txt /licenses + +USER appuser +WORKDIR /home/appuser \ No newline at end of file From d3d6e456751735355bfcb418c2e4d97a0c537ca7 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Tue, 28 Jan 2025 12:58:11 +0530 Subject: [PATCH 35/49] add log4j properties --- base-lite/include/etc/cp-base-lite/log4j.properties | 1 + 1 file changed, 1 insertion(+) create mode 120000 base-lite/include/etc/cp-base-lite/log4j.properties diff --git a/base-lite/include/etc/cp-base-lite/log4j.properties b/base-lite/include/etc/cp-base-lite/log4j.properties new file mode 120000 index 0000000000..c6aeab5903 --- /dev/null +++ b/base-lite/include/etc/cp-base-lite/log4j.properties @@ -0,0 +1 @@ +../../../../base/include/etc/cp-base-new/log4j.properties \ No newline at end of file From 35b2f3aefaae8f6a606813e4d67de6773c77c722 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Tue, 28 Jan 2025 14:39:31 +0530 Subject: [PATCH 36/49] rename test to base_java --- .../test/{test_base_lite_image.py => test_base_java_image.py} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename base-java/test/{test_base_lite_image.py => test_base_java_image.py} (88%) diff --git a/base-java/test/test_base_lite_image.py b/base-java/test/test_base_java_image.py similarity index 88% rename from base-java/test/test_base_lite_image.py rename to base-java/test/test_base_java_image.py index 404a6db9d3..aa0b454fc4 100644 --- a/base-java/test/test_base_lite_image.py +++ b/base-java/test/test_base_java_image.py @@ -4,10 +4,10 @@ import confluent.docker_utils as utils -class BaseLiteImageTest(unittest.TestCase): +class BaseJavaImageTest(unittest.TestCase): def setUp(self): - self.image = "{0}confluentinc/cp-base-lite:{1}".format(os.environ["DOCKER_REGISTRY"], os.environ["DOCKER_TAG"]) + self.image = "{0}confluentinc/cp-base-java:{1}".format(os.environ["DOCKER_REGISTRY"], os.environ["DOCKER_TAG"]) def test_image_build(self): self.assertTrue(utils.image_exists(self.image)) From 7acf42de0b695bd32ed27c293fc7b30b1148f4ec Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Tue, 28 Jan 2025 14:52:41 +0530 Subject: [PATCH 37/49] modify test for base-java --- base-java/test/test_base_java_image.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/base-java/test/test_base_java_image.py b/base-java/test/test_base_java_image.py index aa0b454fc4..3cd7dc3b30 100644 --- a/base-java/test/test_base_java_image.py +++ b/base-java/test/test_base_java_image.py @@ -20,7 +20,7 @@ def test_ub_runnable(self): self.assertTrue(b"utility commands" in utils.run_docker_command(image=self.image, command=ub_cmd)) def test_kafka_ready_jar(self): - java_cmd = "bash -c 'java -cp \"/usr/share/java/cp-base-lite/*\" io.confluent.admin.utils.cli.KafkaReadyCommand -h'" + java_cmd = "bash -c 'java -cp \"/usr/share/java/cp-base-java/*\" io.confluent.admin.utils.cli.KafkaReadyCommand -h'" self.assertTrue(b"Check if Kafka is ready" in utils.run_docker_command(image=self.image, command=java_cmd)) From 21b80493bb839ebdd9cbcf52b4a327b057661250 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Wed, 29 Jan 2025 10:49:28 +0530 Subject: [PATCH 38/49] add test back for cp-base-lite --- base-lite/test/test_base_java_image.py | 28 ++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 base-lite/test/test_base_java_image.py diff --git a/base-lite/test/test_base_java_image.py b/base-lite/test/test_base_java_image.py new file mode 100644 index 0000000000..0922dee835 --- /dev/null +++ b/base-lite/test/test_base_java_image.py @@ -0,0 +1,28 @@ +import os +import unittest + +import confluent.docker_utils as utils + + +class BaseJavaImageTest(unittest.TestCase): + + def setUp(self): + self.image = "{0}confluentinc/cp-base-lite:{1}".format(os.environ["DOCKER_REGISTRY"], os.environ["DOCKER_TAG"]) + + def test_image_build(self): + self.assertTrue(utils.image_exists(self.image)) + + def test_ub_exists(self): + self.assertTrue(utils.path_exists_in_image(self.image, "/usr/bin/ub")) + + def test_ub_runnable(self): + ub_cmd = "bash -c '/usr/bin/ub -h'" + self.assertTrue(b"utility commands" in utils.run_docker_command(image=self.image, command=ub_cmd)) + + def test_kafka_ready_jar(self): + java_cmd = "bash -c 'java -cp \"/usr/share/java/cp-base-lite/*\" io.confluent.admin.utils.cli.KafkaReadyCommand -h'" + self.assertTrue(b"Check if Kafka is ready" in utils.run_docker_command(image=self.image, command=java_cmd)) + + +if __name__ == '__main__': + unittest.main() From edcd55c3f4cfd8c4dc5ae72298254d20f92f8d82 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Wed, 29 Jan 2025 11:53:44 +0530 Subject: [PATCH 39/49] change image name --- .semaphore/semaphore.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml index f9ee378aba..092c6ddce1 100644 --- a/.semaphore/semaphore.yml +++ b/.semaphore/semaphore.yml @@ -72,7 +72,7 @@ global_job_config: - export DOCKER_UPSTREAM_REGISTRY=$DOCKER_DEV_REGISTRY - export LATEST_TAG=$BRANCH_TAG-latest - export DOCKER_UPSTREAM_TAG="$LATEST_TAG" - - export DOCKER_REPOS="confluentinc/cp-base-jre17 confluentinc/cp-base-new confluentinc/cp-base-lite confluentinc/cp-jmxterm" + - export DOCKER_REPOS="confluentinc/cp-base-java confluentinc/cp-base-new confluentinc/cp-base-lite confluentinc/cp-jmxterm" - export DOCKER_DEV_TAG="dev-$BRANCH_TAG-$BUILD_NUMBER" - export AMD_ARCH=.amd64 - export ARM_ARCH=.arm64 From b20eec5bfff19f00bc563a35afe0e9e83e131f0b Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Wed, 29 Jan 2025 11:54:58 +0530 Subject: [PATCH 40/49] minor optimizations --- base-java/Dockerfile.ubi8 | 59 ++++++++++++++++----------------------- 1 file changed, 24 insertions(+), 35 deletions(-) diff --git a/base-java/Dockerfile.ubi8 b/base-java/Dockerfile.ubi8 index 2f55f549fd..716ff957a8 100644 --- a/base-java/Dockerfile.ubi8 +++ b/base-java/Dockerfile.ubi8 @@ -1,38 +1,22 @@ -ARG MICRODIR=/microdir -ARG UBI_MICRO_VERSION=8.10-13 -ARG TEMURIN_JDK_VERSION="21.0.6.0.0.7-1" -ARG DOCKER_UPSTREAM_REGISTRY="519856050701.dkr.ecr.us-west-2.amazonaws.com/docker/prod/" +ARG UBI_MICRO_VERSION +ARG TEMURIN_JDK_VERSION +ARG DOCKER_UPSTREAM_REGISTRY ARG DOCKER_UPSTREAM_TAG ARG GOLANG_VERSION -ARG UBI_MINIMAL_VERSION="latest" -ARG UBI9_MINIMAL_VERSION="latest" +ARG UBI_MINIMAL_VERSION FROM docker.io/golang:${GOLANG_VERSION} AS build-ub-package-dedupe -WORKDIR /build RUN useradd --no-log-init --create-home --shell /bin/bash appuser +WORKDIR /build/package_dedupe +COPY --chown=appuser:appuser package_dedupe/ ./ +RUN go build -ldflags="-w -s" ./package_dedupe.go +WORKDIR /build/ub COPY --chown=appuser:appuser ub/ ./ RUN go build -ldflags="-w -s" ./ub.go USER appuser RUN go test ./... -COPY --chown=appuser:appuser package_dedupe/package_dedupe.go ./ -USER root -RUN go build -ldflags="-w -s" ./package_dedupe.go - -FROM registry.access.redhat.com/ubi8 AS BUILD -RUN printf "[temurin-jre] \n\ -name=temurin-jre \n\ -baseurl=https://packages.adoptium.net/artifactory/rpm/rhel/\$releasever/\$basearch \n\ -enabled=1 \n\ -gpgcheck=1 \n\ -gpgkey=https://packages.adoptium.net/artifactory/api/gpg/key/public \n\ -" > /etc/yum.repos.d/adoptium.repo -RUN echo "installing temurin-21-jre:${TEMURIN_JDK_VERSION}" -RUN yum --nodocs install -y --setopt=install_weak_deps=False temurin-21-jre - -RUN yum clean all - -FROM registry.access.redhat.com/ubi9-minimal:${UBI9_MINIMAL_VERSION} AS REFRESH +FROM registry.access.redhat.com/ubi9-minimal:${UBI_MINIMAL_VERSION} AS REFRESH ARG PROJECT_VERSION ARG ARTIFACT_ID @@ -57,22 +41,27 @@ LABEL io.confluent.docker=true # base image that supports it ENV LANG="C.UTF-8" -#ARG MICRODIR -COPY --from=BUILD /usr/lib/jvm/temurin-21-jre/ usr/lib -COPY --from=build-ub-package-dedupe /build/package_dedupe /usr/lib/bin/package_dedupe -COPY --from=build-ub-package-dedupe /build/ub /usr/bin +RUN printf "[temurin-jre] \n\ +name=temurin-jre \n\ +baseurl=https://packages.adoptium.net/artifactory/rpm/rhel/\$releasever/\$basearch \n\ +enabled=1 \n\ +gpgcheck=1 \n\ +gpgkey=https://packages.adoptium.net/artifactory/api/gpg/key/public \n\ +" > /etc/yum.repos.d/adoptium.repo +RUN echo "installing temurin-21-jre:${TEMURIN_JDK_VERSION}" \ + && yum --nodocs install -y --setopt=install_weak_deps=False temurin-21-jre + && yum clean all + && useradd --no-log-init --create-home --shell /bin/bash appuser -ENV PATH="/usr/lib/bin:${PATH}" +COPY --from=build-ub-package-dedupe /build/package_dedupe /usr/bin/package_dedupe +COPY --from=build-ub-package-dedupe /build/ub /usr/bin/ub -RUN echo "appuser:x:1001:1001::/home/appuser:/bin/sh" >> /etc/passwd && \ - mkdir -p /home/appuser && \ - chown 1001:1001 /home/appuser COPY target/${ARTIFACT_ID}-${PROJECT_VERSION}-package/share/doc/* /usr/share/doc/${ARTIFACT_ID}/ COPY target/${ARTIFACT_ID}-${PROJECT_VERSION}-package/share/java/${ARTIFACT_ID}/* /usr/share/java/${ARTIFACT_ID}/ +COPY --chown=appuser:appuser include/etc/confluent/docker /etc/confluent/docker +COPY --chown=appuser:appuser include/etc/cp-base-java /etc/cp-base-java -RUN cd /usr/share/java \ - && package_dedupe $(pwd) USER appuser WORKDIR /home/appuser From 106d5eacd2c8507d0abdb01a402b52870f9cba60 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Wed, 29 Jan 2025 11:55:41 +0530 Subject: [PATCH 41/49] set default ubi minimal to use ubi9 --- base-java/pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/base-java/pom.xml b/base-java/pom.xml index d2a3cf65ee..d59938eba4 100644 --- a/base-java/pom.xml +++ b/base-java/pom.xml @@ -85,7 +85,7 @@ dockerfile-maven-plugin - ${ubi.image.version} + ${ubi9.image.version} -${ubi.temurin.jdk.version} ${docker.skip-security-update-check} ${golang.version} @@ -101,7 +101,7 @@ - ${ubi.image.version} + ${ubi9.image.version} -${ubi.temurin.jdk.version} ${docker.skip-security-update-check} From d36386e102775544453e1f4f833425bb95cc1778 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Wed, 29 Jan 2025 12:46:43 +0530 Subject: [PATCH 42/49] update java to 21 --- base-java/Dockerfile.ubi8 | 8 +++++--- pom.xml | 3 +-- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/base-java/Dockerfile.ubi8 b/base-java/Dockerfile.ubi8 index 716ff957a8..ebf1c92a34 100644 --- a/base-java/Dockerfile.ubi8 +++ b/base-java/Dockerfile.ubi8 @@ -48,9 +48,11 @@ enabled=1 \n\ gpgcheck=1 \n\ gpgkey=https://packages.adoptium.net/artifactory/api/gpg/key/public \n\ " > /etc/yum.repos.d/adoptium.repo -RUN echo "installing temurin-21-jre:${TEMURIN_JDK_VERSION}" \ - && yum --nodocs install -y --setopt=install_weak_deps=False temurin-21-jre - && yum clean all + +RUN microdnf install yum \ + && echo "installing temurin-21-jre:${TEMURIN_JDK_VERSION}" \ + && yum --nodocs install -y --setopt=install_weak_deps=False temurin-21-jre${TEMURIN_JDK_VERSION} \ + && yum clean all \ && useradd --no-log-init --create-home --shell /bin/bash appuser COPY --from=build-ub-package-dedupe /build/package_dedupe /usr/bin/package_dedupe diff --git a/pom.xml b/pom.xml index eb74d3cb0f..6f00a9e249 100644 --- a/pom.xml +++ b/pom.xml @@ -36,7 +36,6 @@ 8.10-1154 9.5-1736404155 - 8.10-13 3.0.9 @@ -55,7 +54,7 @@ 1:4.6.0-21.el8 20230731-1.git3177e06.el8 - 17.0.13.0.0.11-2 + 21.0.6.0.0.7-1 20.* 71.1.0 From 390a2550713067d43fca751734232fa68a5f16ae Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Wed, 29 Jan 2025 13:07:42 +0530 Subject: [PATCH 43/49] add yes to install yum --- base-java/Dockerfile.ubi8 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/base-java/Dockerfile.ubi8 b/base-java/Dockerfile.ubi8 index ebf1c92a34..0c7a23ae4a 100644 --- a/base-java/Dockerfile.ubi8 +++ b/base-java/Dockerfile.ubi8 @@ -49,7 +49,7 @@ gpgcheck=1 \n\ gpgkey=https://packages.adoptium.net/artifactory/api/gpg/key/public \n\ " > /etc/yum.repos.d/adoptium.repo -RUN microdnf install yum \ +RUN microdnf install -y yum \ && echo "installing temurin-21-jre:${TEMURIN_JDK_VERSION}" \ && yum --nodocs install -y --setopt=install_weak_deps=False temurin-21-jre${TEMURIN_JDK_VERSION} \ && yum clean all \ From 203090f78cd849695cbdd2db1006187b8d194f61 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Wed, 29 Jan 2025 14:37:12 +0530 Subject: [PATCH 44/49] fix issues due to symlink --- base-lite/Dockerfile.ubi8 | 14 +++++++------- base-lite/license.txt | 1 + 2 files changed, 8 insertions(+), 7 deletions(-) create mode 100644 base-lite/license.txt diff --git a/base-lite/Dockerfile.ubi8 b/base-lite/Dockerfile.ubi8 index 736317514e..5ac5161c81 100644 --- a/base-lite/Dockerfile.ubi8 +++ b/base-lite/Dockerfile.ubi8 @@ -13,9 +13,9 @@ # See the License for the specific language governing permissions and # limitations under the License. -ARG UBI_MINIMAL_VERSION="latest" - -FROM ${DOCKER_UPSTREAM_REGISTRY}confluentinc/cp-base-java:${DOCKER_TAG} +ARG DOCKER_UPSTREAM_REGISTRY +ARG DOCKER_UPSTREAM_TAG +FROM ${DOCKER_UPSTREAM_REGISTRY}confluentinc/cp-base-java:${DOCKER_UPSTREAM_TAG} ARG PROJECT_VERSION ARG ARTIFACT_ID @@ -47,9 +47,10 @@ ARG TEMURIN_JDK_VERSION="" ENV UB_CLASSPATH=/usr/share/java/cp-base-lite/* -RUN microdnf --nodocs install yum \ - && yum --nodocs update -y \ - && yum --nodocs install -y --setopt=install_weak_deps=False \ +USER root + +RUN yum --nodocs update -y \ + && yum --nodocs install -y --setopt=install_weak_deps=False --allowerasing \ "curl${CURL_VERSION}" \ && microdnf clean all \ && yum clean all \ @@ -69,7 +70,6 @@ RUN yum --disablerepo="temurin-jdk" check-update || "${SKIP_SECURITY_UPDATE_CHEC COPY --chown=appuser:appuser target/${ARTIFACT_ID}-${PROJECT_VERSION}-package/share/doc/* /usr/share/doc/${ARTIFACT_ID}/ COPY --chown=appuser:appuser target/${ARTIFACT_ID}-${PROJECT_VERSION}-package/share/java/${ARTIFACT_ID}/* /usr/share/java/${ARTIFACT_ID}/ -COPY --chown=appuser:appuser include/etc/confluent/docker /etc/confluent/docker COPY --chown=appuser:appuser include/etc/cp-base-lite /etc/cp-base-lite RUN mkdir /licenses diff --git a/base-lite/license.txt b/base-lite/license.txt new file mode 100644 index 0000000000..bb7cc57a2e --- /dev/null +++ b/base-lite/license.txt @@ -0,0 +1 @@ +Copyright 2023 Confluent, Inc. \ No newline at end of file From 3743bc1bbe0920563c5d820f5883e028d52afd9f Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Wed, 29 Jan 2025 15:04:24 +0530 Subject: [PATCH 45/49] fix test for directory change --- base-java/test/test_base_java_image.py | 2 +- base-lite/test/test_base_java_image.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/base-java/test/test_base_java_image.py b/base-java/test/test_base_java_image.py index 3cd7dc3b30..561155734e 100644 --- a/base-java/test/test_base_java_image.py +++ b/base-java/test/test_base_java_image.py @@ -16,7 +16,7 @@ def test_ub_exists(self): self.assertTrue(utils.path_exists_in_image(self.image, "/usr/bin/ub")) def test_ub_runnable(self): - ub_cmd = "bash -c '/usr/bin/ub -h'" + ub_cmd = "bash -c '/usr/bin/ub/ub -h'" self.assertTrue(b"utility commands" in utils.run_docker_command(image=self.image, command=ub_cmd)) def test_kafka_ready_jar(self): diff --git a/base-lite/test/test_base_java_image.py b/base-lite/test/test_base_java_image.py index 0922dee835..87e55c2294 100644 --- a/base-lite/test/test_base_java_image.py +++ b/base-lite/test/test_base_java_image.py @@ -16,7 +16,7 @@ def test_ub_exists(self): self.assertTrue(utils.path_exists_in_image(self.image, "/usr/bin/ub")) def test_ub_runnable(self): - ub_cmd = "bash -c '/usr/bin/ub -h'" + ub_cmd = "bash -c '/usr/bin/ub/ub -h'" self.assertTrue(b"utility commands" in utils.run_docker_command(image=self.image, command=ub_cmd)) def test_kafka_ready_jar(self): From 3d28ec3d86286cf2fb6ded30bc6ee9f760be3c01 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Wed, 29 Jan 2025 15:52:36 +0530 Subject: [PATCH 46/49] cherry pick #622 --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 6f00a9e249..8f1ffc8e34 100644 --- a/pom.xml +++ b/pom.xml @@ -49,8 +49,8 @@ 20180629-11.el8 3.20-6.el8 5.2.4-4.el8_6 - 2.28-251.el8_10.5 - 7.61.1-34.el8_10.2 + 2.28-251.el8_10.11 + 7.61.1-34.el8_10.3 1:4.6.0-21.el8 20230731-1.git3177e06.el8 From 3d1450d6e898d063b48c417085416245558ce56a Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Wed, 29 Jan 2025 15:55:56 +0530 Subject: [PATCH 47/49] update base to use java21 --- base/Dockerfile.ubi8 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/base/Dockerfile.ubi8 b/base/Dockerfile.ubi8 index 2424a391f6..01be505cb2 100644 --- a/base/Dockerfile.ubi8 +++ b/base/Dockerfile.ubi8 @@ -126,7 +126,7 @@ RUN microdnf --nodocs install yum \ "libcurl${CURL_VERSION}" \ "findutils${FINDUTILS_VERSION}" \ "crypto-policies-scripts${CRYPTO_POLICIES_SCRIPTS_VERSION}" \ - "temurin-17-jdk${TEMURIN_JDK_VERSION}" "temurin-17-jre${TEMURIN_JDK_VERSION}" \ + "temurin-21-jdk${TEMURIN_JDK_VERSION}" "temurin-21-jre${TEMURIN_JDK_VERSION}" \ && alternatives --set python /usr/bin/python3 \ && python3 -m pip install --upgrade "setuptools${PYTHON_SETUPTOOLS_VERSION}" \ && python3 -m pip install --prefer-binary --prefix=/usr/local --upgrade "${PYTHON_CONFLUENT_DOCKER_UTILS_INSTALL_SPEC}" \ From 3bea0757f8e8f154af5760dedd3255fbbff960a8 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Wed, 29 Jan 2025 16:23:21 +0530 Subject: [PATCH 48/49] update tag for base-lite --- base-lite/Dockerfile.ubi8 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/base-lite/Dockerfile.ubi8 b/base-lite/Dockerfile.ubi8 index 5ac5161c81..9f36d40076 100644 --- a/base-lite/Dockerfile.ubi8 +++ b/base-lite/Dockerfile.ubi8 @@ -14,8 +14,8 @@ # limitations under the License. ARG DOCKER_UPSTREAM_REGISTRY -ARG DOCKER_UPSTREAM_TAG -FROM ${DOCKER_UPSTREAM_REGISTRY}confluentinc/cp-base-java:${DOCKER_UPSTREAM_TAG} +ARG DOCKER_TAG +FROM ${DOCKER_UPSTREAM_REGISTRY}confluentinc/cp-base-java:${DOCKER_TAG} ARG PROJECT_VERSION ARG ARTIFACT_ID From dc790b93652edfea93cf81c71fb528fd87e85312 Mon Sep 17 00:00:00 2001 From: Hrithik Kulkarni Date: Wed, 29 Jan 2025 18:12:16 +0530 Subject: [PATCH 49/49] replace yum with microdnf --- base-java/Dockerfile.ubi8 | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/base-java/Dockerfile.ubi8 b/base-java/Dockerfile.ubi8 index 0c7a23ae4a..344ebdb3f3 100644 --- a/base-java/Dockerfile.ubi8 +++ b/base-java/Dockerfile.ubi8 @@ -49,10 +49,9 @@ gpgcheck=1 \n\ gpgkey=https://packages.adoptium.net/artifactory/api/gpg/key/public \n\ " > /etc/yum.repos.d/adoptium.repo -RUN microdnf install -y yum \ - && echo "installing temurin-21-jre:${TEMURIN_JDK_VERSION}" \ - && yum --nodocs install -y --setopt=install_weak_deps=False temurin-21-jre${TEMURIN_JDK_VERSION} \ - && yum clean all \ +RUN echo "installing temurin-21-jre:${TEMURIN_JDK_VERSION}" \ + && microdnf install -y temurin-21-jre${TEMURIN_JDK_VERSION} \ + && microdnf clean all \ && useradd --no-log-init --create-home --shell /bin/bash appuser COPY --from=build-ub-package-dedupe /build/package_dedupe /usr/bin/package_dedupe