Fixed web-service image. No more sandbox requirement

This commit is contained in:
Alexey Pustovalov 2023-01-20 16:30:08 +09:00
parent 1b858a241e
commit 3bd7f8dc08
23 changed files with 185 additions and 0 deletions

View File

@ -34,6 +34,7 @@ RUN set -eux && \
openipmi-dev \
openldap-dev \
openssl-dev \
patch \
pcre2-dev \
postgresql-dev \
openjdk8 \

View File

@ -23,6 +23,7 @@ RUN set -eux && \
automake \
bash \
gcc \
patch \
pcre2-devel \
libcurl-devel \
libevent-devel \

View File

@ -23,6 +23,7 @@ RUN set -eux && \
bash \
gcc \
go-toolset \
patch \
pcre2-devel \
libcurl-devel \
libevent-devel \

View File

@ -35,6 +35,7 @@ RUN set -eux && \
bash \
gcc \
go-toolset \
patch \
pcre2-devel \
libcurl-devel \
libevent-devel \

View File

@ -38,6 +38,7 @@ RUN set -eux && \
libxml2-dev \
make \
openjdk-8-jdk-headless \
patch \
pkg-config \
gettext \
git \

View File

@ -22,6 +22,8 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
ENV MONGODB_PLUGIN_SOURCES=https://git.zabbix.com/scm/ap/mongodb.git MONGODB_PLUGIN_VERSION=master \
POSTGRESQL_PLUGIN_SOURCES=https://git.zabbix.com/scm/ap/postgresql.git POSTGRESQL_PLUGIN_VERSION=master
COPY ["conf/chromedp_no_sandbox.patch", "/tmp/chromedp_no_sandbox.patch"]
RUN set -eux && \
ARCH_SUFFIX="$(arch)"; \
case "$ARCH_SUFFIX" in \
@ -45,6 +47,7 @@ RUN set -eux && \
cd /tmp/ && \
git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${ZBX_VERSION} --depth 1 --single-branch /tmp/zabbix-${ZBX_VERSION} && \
cd /tmp/zabbix-${ZBX_VERSION} && \
patch -p1 < /tmp/chromedp_no_sandbox.patch && \
zabbix_revision=`git rev-parse --short HEAD` && \
sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \

View File

@ -0,0 +1,17 @@
diff --git a/src/go/cmd/zabbix_web_service/pdf_report_creator.go b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
index afab41204d1..f1a9b859f34 100644
--- a/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+++ b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
@@ -100,7 +100,11 @@ func (h *handler) report(w http.ResponseWriter, r *http.Request) {
return
}
- opts := chromedp.DefaultExecAllocatorOptions[:]
+ opts := append(chromedp.DefaultExecAllocatorOptions[:],
+ chromedp.DisableGPU,
+ chromedp.NoSandbox,
+ chromedp.Flag("disable-setuid-sandbox", true),
+ )
if options.IgnoreURLCertErrors == 1 {
opts = append(opts, chromedp.Flag("ignore-certificate-errors", "1"))

View File

@ -22,6 +22,8 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
ENV MONGODB_PLUGIN_SOURCES=https://git.zabbix.com/scm/ap/mongodb.git MONGODB_PLUGIN_VERSION=master \
POSTGRESQL_PLUGIN_SOURCES=https://git.zabbix.com/scm/ap/postgresql.git POSTGRESQL_PLUGIN_VERSION=master
COPY ["conf/chromedp_no_sandbox.patch", "/tmp/chromedp_no_sandbox.patch"]
RUN set -eux && \
ARCH_SUFFIX="$(arch)"; \
case "$ARCH_SUFFIX" in \
@ -39,6 +41,7 @@ RUN set -eux && \
cd /tmp/ && \
git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${ZBX_VERSION} --depth 1 --single-branch /tmp/zabbix-${ZBX_VERSION} && \
cd /tmp/zabbix-${ZBX_VERSION} && \
patch -p1 < /tmp/chromedp_no_sandbox.patch && \
zabbix_revision=`git rev-parse --short HEAD` && \
sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \

View File

@ -0,0 +1,17 @@
diff --git a/src/go/cmd/zabbix_web_service/pdf_report_creator.go b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
index afab41204d1..f1a9b859f34 100644
--- a/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+++ b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
@@ -100,7 +100,11 @@ func (h *handler) report(w http.ResponseWriter, r *http.Request) {
return
}
- opts := chromedp.DefaultExecAllocatorOptions[:]
+ opts := append(chromedp.DefaultExecAllocatorOptions[:],
+ chromedp.DisableGPU,
+ chromedp.NoSandbox,
+ chromedp.Flag("disable-setuid-sandbox", true),
+ )
if options.IgnoreURLCertErrors == 1 {
opts = append(opts, chromedp.Flag("ignore-certificate-errors", "1"))

View File

@ -22,10 +22,13 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
ENV MONGODB_PLUGIN_SOURCES=https://git.zabbix.com/scm/ap/mongodb.git MONGODB_PLUGIN_VERSION=master \
POSTGRESQL_PLUGIN_SOURCES=https://git.zabbix.com/scm/ap/postgresql.git POSTGRESQL_PLUGIN_VERSION=master
COPY ["conf/chromedp_no_sandbox.patch", "/tmp/chromedp_no_sandbox.patch"]
RUN set -eux && \
cd /tmp/ && \
git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${ZBX_VERSION} --depth 1 --single-branch /tmp/zabbix-${ZBX_VERSION} && \
cd /tmp/zabbix-${ZBX_VERSION} && \
patch -p1 < /tmp/chromedp_no_sandbox.patch && \
zabbix_revision=`git rev-parse --short HEAD` && \
sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \

View File

@ -0,0 +1,17 @@
diff --git a/src/go/cmd/zabbix_web_service/pdf_report_creator.go b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
index afab41204d1..f1a9b859f34 100644
--- a/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+++ b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
@@ -100,7 +100,11 @@ func (h *handler) report(w http.ResponseWriter, r *http.Request) {
return
}
- opts := chromedp.DefaultExecAllocatorOptions[:]
+ opts := append(chromedp.DefaultExecAllocatorOptions[:],
+ chromedp.DisableGPU,
+ chromedp.NoSandbox,
+ chromedp.Flag("disable-setuid-sandbox", true),
+ )
if options.IgnoreURLCertErrors == 1 {
opts = append(opts, chromedp.Flag("ignore-certificate-errors", "1"))

View File

@ -32,6 +32,8 @@ LABEL description="Zabbix build base for MySQL based images" \
ENV MONGODB_PLUGIN_SOURCES=https://git.zabbix.com/scm/ap/mongodb.git MONGODB_PLUGIN_VERSION=master \
POSTGRESQL_PLUGIN_SOURCES=https://git.zabbix.com/scm/ap/postgresql.git POSTGRESQL_PLUGIN_VERSION=master
COPY ["conf/chromedp_no_sandbox.patch", "/tmp/chromedp_no_sandbox.patch"]
RUN set -eux && \
ARCH_SUFFIX="$(arch)"; \
case "$ARCH_SUFFIX" in \
@ -49,6 +51,7 @@ RUN set -eux && \
cd /tmp/ && \
git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${ZBX_VERSION} --depth 1 --single-branch /tmp/zabbix-${ZBX_VERSION} && \
cd /tmp/zabbix-${ZBX_VERSION} && \
patch -p1 < /tmp/chromedp_no_sandbox.patch && \
zabbix_revision=`git rev-parse --short HEAD` && \
sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \

View File

@ -0,0 +1,17 @@
diff --git a/src/go/cmd/zabbix_web_service/pdf_report_creator.go b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
index afab41204d1..f1a9b859f34 100644
--- a/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+++ b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
@@ -100,7 +100,11 @@ func (h *handler) report(w http.ResponseWriter, r *http.Request) {
return
}
- opts := chromedp.DefaultExecAllocatorOptions[:]
+ opts := append(chromedp.DefaultExecAllocatorOptions[:],
+ chromedp.DisableGPU,
+ chromedp.NoSandbox,
+ chromedp.Flag("disable-setuid-sandbox", true),
+ )
if options.IgnoreURLCertErrors == 1 {
opts = append(opts, chromedp.Flag("ignore-certificate-errors", "1"))

View File

@ -22,6 +22,8 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
ENV MONGODB_PLUGIN_SOURCES=https://git.zabbix.com/scm/ap/mongodb.git MONGODB_PLUGIN_VERSION=master \
POSTGRESQL_PLUGIN_SOURCES=https://git.zabbix.com/scm/ap/postgresql.git POSTGRESQL_PLUGIN_VERSION=master
COPY ["conf/chromedp_no_sandbox.patch", "/tmp/chromedp_no_sandbox.patch"]
RUN set -eux && \
ARCH_SUFFIX="$(arch)"; \
case "$ARCH_SUFFIX" in \
@ -45,6 +47,7 @@ RUN set -eux && \
cd /tmp/ && \
git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${ZBX_VERSION} --depth 1 --single-branch /tmp/zabbix-${ZBX_VERSION} && \
cd /tmp/zabbix-${ZBX_VERSION} && \
patch -p1 < /tmp/chromedp_no_sandbox.patch && \
zabbix_revision=`git rev-parse --short HEAD` && \
sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \

View File

@ -0,0 +1,17 @@
diff --git a/src/go/cmd/zabbix_web_service/pdf_report_creator.go b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
index afab41204d1..f1a9b859f34 100644
--- a/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+++ b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
@@ -100,7 +100,11 @@ func (h *handler) report(w http.ResponseWriter, r *http.Request) {
return
}
- opts := chromedp.DefaultExecAllocatorOptions[:]
+ opts := append(chromedp.DefaultExecAllocatorOptions[:],
+ chromedp.DisableGPU,
+ chromedp.NoSandbox,
+ chromedp.Flag("disable-setuid-sandbox", true),
+ )
if options.IgnoreURLCertErrors == 1 {
opts = append(opts, chromedp.Flag("ignore-certificate-errors", "1"))

View File

@ -19,6 +19,8 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
org.opencontainers.image.vendor="Zabbix LLC" \
org.opencontainers.image.version="${ZBX_VERSION}"
COPY ["conf/chromedp_no_sandbox.patch", "/tmp/chromedp_no_sandbox.patch"]
RUN set -eux && \
ARCH_SUFFIX="$(arch)"; \
case "$ARCH_SUFFIX" in \
@ -42,6 +44,7 @@ RUN set -eux && \
cd /tmp/ && \
git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${ZBX_VERSION} --depth 1 --single-branch /tmp/zabbix-${ZBX_VERSION} && \
cd /tmp/zabbix-${ZBX_VERSION} && \
patch -p1 < /tmp/chromedp_no_sandbox.patch && \
zabbix_revision=`git rev-parse --short HEAD` && \
sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \

View File

@ -0,0 +1,17 @@
diff --git a/src/go/cmd/zabbix_web_service/pdf_report_creator.go b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
index afab41204d1..f1a9b859f34 100644
--- a/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+++ b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
@@ -100,7 +100,11 @@ func (h *handler) report(w http.ResponseWriter, r *http.Request) {
return
}
- opts := chromedp.DefaultExecAllocatorOptions[:]
+ opts := append(chromedp.DefaultExecAllocatorOptions[:],
+ chromedp.DisableGPU,
+ chromedp.NoSandbox,
+ chromedp.Flag("disable-setuid-sandbox", true),
+ )
if options.IgnoreURLCertErrors == 1 {
opts = append(opts, chromedp.Flag("ignore-certificate-errors", "1"))

View File

@ -19,6 +19,8 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
org.opencontainers.image.vendor="Zabbix LLC" \
org.opencontainers.image.version="${ZBX_VERSION}"
COPY ["conf/chromedp_no_sandbox.patch", "/tmp/chromedp_no_sandbox.patch"]
RUN set -eux && \
ARCH_SUFFIX="$(arch)"; \
case "$ARCH_SUFFIX" in \
@ -36,6 +38,7 @@ RUN set -eux && \
cd /tmp/ && \
git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${ZBX_VERSION} --depth 1 --single-branch /tmp/zabbix-${ZBX_VERSION} && \
cd /tmp/zabbix-${ZBX_VERSION} && \
patch -p1 < /tmp/chromedp_no_sandbox.patch && \
zabbix_revision=`git rev-parse --short HEAD` && \
sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \

View File

@ -0,0 +1,17 @@
diff --git a/src/go/cmd/zabbix_web_service/pdf_report_creator.go b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
index afab41204d1..f1a9b859f34 100644
--- a/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+++ b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
@@ -100,7 +100,11 @@ func (h *handler) report(w http.ResponseWriter, r *http.Request) {
return
}
- opts := chromedp.DefaultExecAllocatorOptions[:]
+ opts := append(chromedp.DefaultExecAllocatorOptions[:],
+ chromedp.DisableGPU,
+ chromedp.NoSandbox,
+ chromedp.Flag("disable-setuid-sandbox", true),
+ )
if options.IgnoreURLCertErrors == 1 {
opts = append(opts, chromedp.Flag("ignore-certificate-errors", "1"))

View File

@ -19,10 +19,13 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
org.opencontainers.image.vendor="Zabbix LLC" \
org.opencontainers.image.version="${ZBX_VERSION}"
COPY ["conf/chromedp_no_sandbox.patch", "/tmp/chromedp_no_sandbox.patch"]
RUN set -eux && \
cd /tmp/ && \
git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${ZBX_VERSION} --depth 1 --single-branch /tmp/zabbix-${ZBX_VERSION} && \
cd /tmp/zabbix-${ZBX_VERSION} && \
patch -p1 < /tmp/chromedp_no_sandbox.patch && \
zabbix_revision=`git rev-parse --short HEAD` && \
sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \

View File

@ -0,0 +1,17 @@
diff --git a/src/go/cmd/zabbix_web_service/pdf_report_creator.go b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
index afab41204d1..f1a9b859f34 100644
--- a/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+++ b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
@@ -100,7 +100,11 @@ func (h *handler) report(w http.ResponseWriter, r *http.Request) {
return
}
- opts := chromedp.DefaultExecAllocatorOptions[:]
+ opts := append(chromedp.DefaultExecAllocatorOptions[:],
+ chromedp.DisableGPU,
+ chromedp.NoSandbox,
+ chromedp.Flag("disable-setuid-sandbox", true),
+ )
if options.IgnoreURLCertErrors == 1 {
opts = append(opts, chromedp.Flag("ignore-certificate-errors", "1"))

View File

@ -19,6 +19,8 @@ LABEL org.opencontainers.image.authors="Alexey Pustovalov <alexey.pustovalov@zab
org.opencontainers.image.vendor="Zabbix LLC" \
org.opencontainers.image.version="${ZBX_VERSION}"
COPY ["conf/chromedp_no_sandbox.patch", "/tmp/chromedp_no_sandbox.patch"]
RUN set -eux && \
ARCH_SUFFIX="$(arch)"; \
case "$ARCH_SUFFIX" in \
@ -42,6 +44,7 @@ RUN set -eux && \
cd /tmp/ && \
git -c advice.detachedHead=false clone ${ZBX_SOURCES} --branch ${ZBX_VERSION} --depth 1 --single-branch /tmp/zabbix-${ZBX_VERSION} && \
cd /tmp/zabbix-${ZBX_VERSION} && \
patch -p1 < /tmp/chromedp_no_sandbox.patch && \
zabbix_revision=`git rev-parse --short HEAD` && \
sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" include/version.h && \
sed -i "s/{ZABBIX_REVISION}/$zabbix_revision/g" src/go/pkg/version/version.go && \

View File

@ -0,0 +1,17 @@
diff --git a/src/go/cmd/zabbix_web_service/pdf_report_creator.go b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
index afab41204d1..f1a9b859f34 100644
--- a/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+++ b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
@@ -100,7 +100,11 @@ func (h *handler) report(w http.ResponseWriter, r *http.Request) {
return
}
- opts := chromedp.DefaultExecAllocatorOptions[:]
+ opts := append(chromedp.DefaultExecAllocatorOptions[:],
+ chromedp.DisableGPU,
+ chromedp.NoSandbox,
+ chromedp.Flag("disable-setuid-sandbox", true),
+ )
if options.IgnoreURLCertErrors == 1 {
opts = append(opts, chromedp.Flag("ignore-certificate-errors", "1"))