From 53666711159b0234ef4cf3093aac4e752f463029 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Sat, 2 Mar 2024 23:51:27 +0900 Subject: [PATCH] Review RHEL images. Removed unnecessary packages / repisotories --- .env | 5 +++++ .gitignore | 1 + Dockerfiles/agent/rhel/Dockerfile | 12 +++++++++++- Dockerfiles/agent2/rhel/Dockerfile | 16 +++++++++++----- Dockerfiles/build-base/rhel/Dockerfile | 1 + Dockerfiles/java-gateway/rhel/Dockerfile | 1 + Dockerfiles/proxy-mysql/rhel/Dockerfile | 11 +++++++++++ Dockerfiles/proxy-sqlite3/rhel/Dockerfile | 11 +++++++++++ Dockerfiles/server-mysql/rhel/Dockerfile | 12 +++++++++++- Dockerfiles/snmptraps/rhel/Dockerfile | 19 ++++++++++++++++++- Dockerfiles/web-nginx-mysql/rhel/Dockerfile | 14 ++++++++++++-- Dockerfiles/web-service/rhel/Dockerfile | 3 ++- 12 files changed, 95 insertions(+), 11 deletions(-) diff --git a/.env b/.env index fa5236d66..6168d9fce 100644 --- a/.env +++ b/.env @@ -3,6 +3,7 @@ ZABBIX_ALPINE_IMAGE_TAG=alpine ZABBIX_CENTOS_IMAGE_TAG=centos ZABBIX_OL_IMAGE_TAG=ol ZABBIX_UBUNTU_IMAGE_TAG=ubuntu +ZABBIX_RHEL_IMAGE_TAG=rhel ZABBIX_IMAGE_TAG_POSTFIX=-trunk ZABBIX_LOCAL_IMAGE_TAG_POSTFIX=-local @@ -65,6 +66,7 @@ ALPINE_CACHE_FROM=alpine:3.19 CENTOS_CACHE_FROM=quay.io/centos/centos:stream9 OL_CACHE_FROM=oraclelinux:9-slim UBUNTU_CACHE_FROM=ubuntu:jammy +RHEL_CACHE_FROM=registry.access.redhat.com/ubi9/ubi-minimal:9.3 # Base images BUILD_BASE_IMAGE=zabbix-build-base @@ -84,3 +86,6 @@ OL_OS_TAG_SHORT=ol UBUNTU_OS_TAG=Ubuntu UBUNTU_OS_TAG_SHORT=ubuntu + +RHEL_OS_TAG=Red Hat +RHEL_OS_TAG_SHORT=rhel diff --git a/.gitignore b/.gitignore index 03f34fddd..b2f027583 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ zbx_env*/ .*CERT_FILE .*KEY_FILE .*CA_FILE +Dockerfiles/*/rhel/secrets/* diff --git a/Dockerfiles/agent/rhel/Dockerfile b/Dockerfiles/agent/rhel/Dockerfile index 32a530d93..de3f9c303 100644 --- a/Dockerfiles/agent/rhel/Dockerfile +++ b/Dockerfiles/agent/rhel/Dockerfile @@ -53,7 +53,6 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_agentd.conf", "/etc RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ set -eux && \ INSTALL_PKGS="bash \ - tzdata \ iputils \ shadow-utils \ pcre2 \ @@ -63,6 +62,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ rpm -ivh /tmp/epel-release-latest-9.noarch.rpm && \ rm -rf /tmp/epel-release-latest-9.noarch.rpm && \ microdnf -y install \ + --disableplugin=subscription-manager \ --disablerepo "*" \ --enablerepo "ubi-9-baseos-rpms" \ --enablerepo "epel" \ @@ -71,7 +71,17 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --best \ --setopt=tsflags=nodocs \ ${INSTALL_PKGS} && \ + microdnf -y update \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ + --enablerepo "ubi-9-baseos-rpms" \ + --setopt=install_weak_deps=0 \ + --best \ + --setopt=tsflags=nodocs \ + tzdata && \ microdnf -y reinstall \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ --enablerepo "ubi-9-baseos-rpms" \ --setopt=install_weak_deps=0 \ --setopt=keepcache=0 \ diff --git a/Dockerfiles/agent2/rhel/Dockerfile b/Dockerfiles/agent2/rhel/Dockerfile index 1b23406bb..4a07e107a 100644 --- a/Dockerfiles/agent2/rhel/Dockerfile +++ b/Dockerfiles/agent2/rhel/Dockerfile @@ -58,26 +58,32 @@ COPY --from=builder ["/tmp/postgresql_plugin/zabbix-agent2-plugin-postgresql", " RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ set -eux && \ INSTALL_PKGS="bash \ - tzdata \ iputils \ shadow-utils \ pcre2 \ smartmontools \ sudo \ libcurl-minimal" && \ - curl -sSL -o /tmp/epel-release-latest-9.noarch.rpm https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm && \ - rpm -ivh /tmp/epel-release-latest-9.noarch.rpm && \ - rm -rf /tmp/epel-release-latest-9.noarch.rpm && \ microdnf -y install \ + --disableplugin=subscription-manager \ --disablerepo "*" \ --enablerepo "ubi-9-baseos-rpms" \ - --enablerepo "epel" \ --setopt=install_weak_deps=0 \ --setopt=keepcache=0 \ --best \ --setopt=tsflags=nodocs \ ${INSTALL_PKGS} && \ + microdnf -y update \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ + --enablerepo "ubi-9-baseos-rpms" \ + --setopt=install_weak_deps=0 \ + --best \ + --setopt=tsflags=nodocs \ + tzdata && \ microdnf -y reinstall \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ --enablerepo "ubi-9-baseos-rpms" \ --setopt=install_weak_deps=0 \ --setopt=keepcache=0 \ diff --git a/Dockerfiles/build-base/rhel/Dockerfile b/Dockerfiles/build-base/rhel/Dockerfile index 0acd4d044..cab98e671 100644 --- a/Dockerfiles/build-base/rhel/Dockerfile +++ b/Dockerfiles/build-base/rhel/Dockerfile @@ -30,6 +30,7 @@ LABEL description="Prepared environment to build Zabbix components" \ COPY ["licenses", "/licenses"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + --mount=type=bind,target=/run/secrets/,src=secrets/ \ set -eux && \ INSTALL_PKGS="autoconf \ automake \ diff --git a/Dockerfiles/java-gateway/rhel/Dockerfile b/Dockerfiles/java-gateway/rhel/Dockerfile index a403a9ede..f951115b7 100644 --- a/Dockerfiles/java-gateway/rhel/Dockerfile +++ b/Dockerfiles/java-gateway/rhel/Dockerfile @@ -55,6 +55,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ shadow-utils \ java-17-openjdk-headless" && \ microdnf -y install \ + --disableplugin=subscription-manager \ --disablerepo "*" \ --enablerepo "ubi-9-baseos-rpms" \ --enablerepo "ubi-9-appstream-rpms" \ diff --git a/Dockerfiles/proxy-mysql/rhel/Dockerfile b/Dockerfiles/proxy-mysql/rhel/Dockerfile index 0c9228d1c..5057b314d 100644 --- a/Dockerfiles/proxy-mysql/rhel/Dockerfile +++ b/Dockerfiles/proxy-mysql/rhel/Dockerfile @@ -54,6 +54,7 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_proxy.conf", "/etc/ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_proxy.sql.gz", "/usr/share/doc/zabbix-proxy-mysql/create.sql.gz"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + --mount=type=bind,target=/run/secrets/,src=secrets/ \ set -eux && \ INSTALL_PKGS="bash \ traceroute \ @@ -90,7 +91,17 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --best \ --setopt=tsflags=nodocs \ ${INSTALL_PKGS} && \ + microdnf -y update \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ + --enablerepo "ubi-9-baseos-rpms" \ + --setopt=install_weak_deps=0 \ + --best \ + --setopt=tsflags=nodocs \ + tzdata && \ microdnf -y reinstall \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ --enablerepo "ubi-9-baseos-rpms" \ --setopt=install_weak_deps=0 \ --best \ diff --git a/Dockerfiles/proxy-sqlite3/rhel/Dockerfile b/Dockerfiles/proxy-sqlite3/rhel/Dockerfile index cdaea8f6f..436ea806b 100644 --- a/Dockerfiles/proxy-sqlite3/rhel/Dockerfile +++ b/Dockerfiles/proxy-sqlite3/rhel/Dockerfile @@ -53,6 +53,7 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_sender/zabbix_sender COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_proxy.conf", "/etc/zabbix/zabbix_proxy.conf"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + --mount=type=bind,target=/run/secrets/,src=secrets/ \ set -eux && \ INSTALL_PKGS="bash \ traceroute \ @@ -86,7 +87,17 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --best \ --setopt=tsflags=nodocs \ ${INSTALL_PKGS} && \ + microdnf -y update \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ + --enablerepo "ubi-9-baseos-rpms" \ + --setopt=install_weak_deps=0 \ + --best \ + --setopt=tsflags=nodocs \ + tzdata && \ microdnf -y reinstall \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ --enablerepo "ubi-9-baseos-rpms" \ --setopt=install_weak_deps=0 \ --setopt=keepcache=0 \ diff --git a/Dockerfiles/server-mysql/rhel/Dockerfile b/Dockerfiles/server-mysql/rhel/Dockerfile index 1ecf82dea..d52bcddbb 100644 --- a/Dockerfiles/server-mysql/rhel/Dockerfile +++ b/Dockerfiles/server-mysql/rhel/Dockerfile @@ -54,13 +54,13 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_server.conf", "/etc COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_server.sql.gz", "/usr/share/doc/zabbix-server-mysql/create.sql.gz"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + --mount=type=bind,target=/run/secrets/,src=secrets/ \ set -eux && \ INSTALL_PKGS="bash \ traceroute \ nmap \ fping \ shadow-utils \ - tzdata \ iputils \ hostname \ libssh \ @@ -94,7 +94,17 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --best \ --setopt=tsflags=nodocs \ ${INSTALL_PKGS} && \ + microdnf -y update \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ + --enablerepo "ubi-9-baseos-rpms" \ + --setopt=install_weak_deps=0 \ + --best \ + --setopt=tsflags=nodocs \ + tzdata && \ microdnf -y reinstall \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ --enablerepo "ubi-9-baseos-rpms" \ --setopt=install_weak_deps=0 \ --setopt=keepcache=0 \ diff --git a/Dockerfiles/snmptraps/rhel/Dockerfile b/Dockerfiles/snmptraps/rhel/Dockerfile index 416b75b3a..8e7e128f3 100644 --- a/Dockerfiles/snmptraps/rhel/Dockerfile +++ b/Dockerfiles/snmptraps/rhel/Dockerfile @@ -46,9 +46,9 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ set -eux && \ INSTALL_PKGS="bash \ shadow-utils \ - tzdata \ net-snmp" && \ microdnf -y install \ + --disableplugin=subscription-manager \ --disablerepo="*" \ --enablerepo "ubi-9-baseos-rpms" \ --enablerepo "ubi-9-appstream-rpms" \ @@ -57,6 +57,23 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --best \ --setopt=tsflags=nodocs \ ${INSTALL_PKGS} && \ + microdnf -y update \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ + --enablerepo "ubi-9-baseos-rpms" \ + --setopt=install_weak_deps=0 \ + --best \ + --setopt=tsflags=nodocs \ + tzdata && \ + microdnf -y reinstall \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ + --enablerepo "ubi-9-baseos-rpms" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ + --best \ + --setopt=tsflags=nodocs \ + tzdata && \ groupadd \ --system \ --gid 1995 \ diff --git a/Dockerfiles/web-nginx-mysql/rhel/Dockerfile b/Dockerfiles/web-nginx-mysql/rhel/Dockerfile index 0b5031c58..e39f4f165 100644 --- a/Dockerfiles/web-nginx-mysql/rhel/Dockerfile +++ b/Dockerfiles/web-nginx-mysql/rhel/Dockerfile @@ -49,9 +49,9 @@ COPY ["conf/etc/", "/etc/"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + --mount=type=bind,target=/run/secrets/,src=secrets/ \ set -eux && \ INSTALL_PKGS="bash \ - tzdata \ curl-minimal \ supervisor \ shadow-utils \ @@ -83,12 +83,22 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --best \ --setopt=tsflags=nodocs \ ${INSTALL_PKGS} && \ - microdnf -y reinstall \ + microdnf -y update \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ --enablerepo "ubi-9-baseos-rpms" \ --setopt=install_weak_deps=0 \ --best \ --setopt=tsflags=nodocs \ + tzdata && \ + microdnf -y reinstall \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ + --enablerepo "ubi-9-baseos-rpms" \ + --setopt=install_weak_deps=0 \ --setopt=keepcache=0 \ + --best \ + --setopt=tsflags=nodocs \ tzdata && \ groupadd \ --system \ diff --git a/Dockerfiles/web-service/rhel/Dockerfile b/Dockerfiles/web-service/rhel/Dockerfile index 172b96093..150f3fac5 100644 --- a/Dockerfiles/web-service/rhel/Dockerfile +++ b/Dockerfiles/web-service/rhel/Dockerfile @@ -50,6 +50,7 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/go/bin/zabbix_web_service", COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/go/conf/zabbix_web_service.conf", "/etc/zabbix/zabbix_web_service.conf"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + --mount=type=bind,target=/run/secrets/,src=secrets/ \ set -eux && \ INSTALL_PKGS="bash \ shadow-utils \ @@ -62,7 +63,6 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --disablerepo "*" \ --enablerepo "ubi-9-baseos-rpms" \ --enablerepo "ubi-9-appstream-rpms" \ - --enablerepo "rhel-9-for-$ARCH_SUFFIX-baseos-rpms" \ --enablerepo "rhel-9-for-$ARCH_SUFFIX-appstream-rpms" \ --enablerepo "epel" \ --setopt=install_weak_deps=0 \ @@ -71,6 +71,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --setopt=tsflags=nodocs \ ${INSTALL_PKGS} && \ microdnf -y install \ + --disableplugin=subscription-manager \ --disablerepo "*" \ --enablerepo "ubi-9-baseos-rpms" \ --enablerepo "ubi-9-appstream-rpms" \