From a7155b01a15896b32808a20d630f5ae4aeb50ba7 Mon Sep 17 00:00:00 2001 From: Alexey Pustovalov Date: Thu, 29 Feb 2024 02:21:49 +0900 Subject: [PATCH] 1. Disable subscription-manager plugin for tzdata operations.\n2. Using secrets directory to share pki / subscription data from host\n3. Initially update tzdata, then reinstall --- Dockerfiles/agent/rhel/Dockerfile | 12 +++++++++++- Dockerfiles/agent2/rhel/Dockerfile | 12 +++++++++++- Dockerfiles/build-base/rhel/Dockerfile | 1 + Dockerfiles/java-gateway/rhel/Dockerfile | 1 + Dockerfiles/proxy-mysql/rhel/Dockerfile | 11 +++++++++++ Dockerfiles/proxy-sqlite3/rhel/Dockerfile | 11 +++++++++++ Dockerfiles/server-mysql/rhel/Dockerfile | 12 +++++++++++- Dockerfiles/snmptraps/rhel/Dockerfile | 19 ++++++++++++++++++- Dockerfiles/web-nginx-mysql/rhel/Dockerfile | 14 ++++++++++++-- Dockerfiles/web-service/rhel/Dockerfile | 3 ++- 10 files changed, 89 insertions(+), 7 deletions(-) diff --git a/Dockerfiles/agent/rhel/Dockerfile b/Dockerfiles/agent/rhel/Dockerfile index 32a530d93..de3f9c303 100644 --- a/Dockerfiles/agent/rhel/Dockerfile +++ b/Dockerfiles/agent/rhel/Dockerfile @@ -53,7 +53,6 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_agentd.conf", "/etc RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ set -eux && \ INSTALL_PKGS="bash \ - tzdata \ iputils \ shadow-utils \ pcre2 \ @@ -63,6 +62,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ rpm -ivh /tmp/epel-release-latest-9.noarch.rpm && \ rm -rf /tmp/epel-release-latest-9.noarch.rpm && \ microdnf -y install \ + --disableplugin=subscription-manager \ --disablerepo "*" \ --enablerepo "ubi-9-baseos-rpms" \ --enablerepo "epel" \ @@ -71,7 +71,17 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --best \ --setopt=tsflags=nodocs \ ${INSTALL_PKGS} && \ + microdnf -y update \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ + --enablerepo "ubi-9-baseos-rpms" \ + --setopt=install_weak_deps=0 \ + --best \ + --setopt=tsflags=nodocs \ + tzdata && \ microdnf -y reinstall \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ --enablerepo "ubi-9-baseos-rpms" \ --setopt=install_weak_deps=0 \ --setopt=keepcache=0 \ diff --git a/Dockerfiles/agent2/rhel/Dockerfile b/Dockerfiles/agent2/rhel/Dockerfile index 1b23406bb..7bf7b6e58 100644 --- a/Dockerfiles/agent2/rhel/Dockerfile +++ b/Dockerfiles/agent2/rhel/Dockerfile @@ -58,7 +58,6 @@ COPY --from=builder ["/tmp/postgresql_plugin/zabbix-agent2-plugin-postgresql", " RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ set -eux && \ INSTALL_PKGS="bash \ - tzdata \ iputils \ shadow-utils \ pcre2 \ @@ -69,6 +68,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ rpm -ivh /tmp/epel-release-latest-9.noarch.rpm && \ rm -rf /tmp/epel-release-latest-9.noarch.rpm && \ microdnf -y install \ + --disableplugin=subscription-manager \ --disablerepo "*" \ --enablerepo "ubi-9-baseos-rpms" \ --enablerepo "epel" \ @@ -77,7 +77,17 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --best \ --setopt=tsflags=nodocs \ ${INSTALL_PKGS} && \ + microdnf -y update \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ + --enablerepo "ubi-9-baseos-rpms" \ + --setopt=install_weak_deps=0 \ + --best \ + --setopt=tsflags=nodocs \ + tzdata && \ microdnf -y reinstall \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ --enablerepo "ubi-9-baseos-rpms" \ --setopt=install_weak_deps=0 \ --setopt=keepcache=0 \ diff --git a/Dockerfiles/build-base/rhel/Dockerfile b/Dockerfiles/build-base/rhel/Dockerfile index 0acd4d044..cab98e671 100644 --- a/Dockerfiles/build-base/rhel/Dockerfile +++ b/Dockerfiles/build-base/rhel/Dockerfile @@ -30,6 +30,7 @@ LABEL description="Prepared environment to build Zabbix components" \ COPY ["licenses", "/licenses"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + --mount=type=bind,target=/run/secrets/,src=secrets/ \ set -eux && \ INSTALL_PKGS="autoconf \ automake \ diff --git a/Dockerfiles/java-gateway/rhel/Dockerfile b/Dockerfiles/java-gateway/rhel/Dockerfile index a403a9ede..f951115b7 100644 --- a/Dockerfiles/java-gateway/rhel/Dockerfile +++ b/Dockerfiles/java-gateway/rhel/Dockerfile @@ -55,6 +55,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ shadow-utils \ java-17-openjdk-headless" && \ microdnf -y install \ + --disableplugin=subscription-manager \ --disablerepo "*" \ --enablerepo "ubi-9-baseos-rpms" \ --enablerepo "ubi-9-appstream-rpms" \ diff --git a/Dockerfiles/proxy-mysql/rhel/Dockerfile b/Dockerfiles/proxy-mysql/rhel/Dockerfile index 0c9228d1c..5057b314d 100644 --- a/Dockerfiles/proxy-mysql/rhel/Dockerfile +++ b/Dockerfiles/proxy-mysql/rhel/Dockerfile @@ -54,6 +54,7 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_proxy.conf", "/etc/ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_proxy.sql.gz", "/usr/share/doc/zabbix-proxy-mysql/create.sql.gz"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + --mount=type=bind,target=/run/secrets/,src=secrets/ \ set -eux && \ INSTALL_PKGS="bash \ traceroute \ @@ -90,7 +91,17 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --best \ --setopt=tsflags=nodocs \ ${INSTALL_PKGS} && \ + microdnf -y update \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ + --enablerepo "ubi-9-baseos-rpms" \ + --setopt=install_weak_deps=0 \ + --best \ + --setopt=tsflags=nodocs \ + tzdata && \ microdnf -y reinstall \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ --enablerepo "ubi-9-baseos-rpms" \ --setopt=install_weak_deps=0 \ --best \ diff --git a/Dockerfiles/proxy-sqlite3/rhel/Dockerfile b/Dockerfiles/proxy-sqlite3/rhel/Dockerfile index cdaea8f6f..436ea806b 100644 --- a/Dockerfiles/proxy-sqlite3/rhel/Dockerfile +++ b/Dockerfiles/proxy-sqlite3/rhel/Dockerfile @@ -53,6 +53,7 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/zabbix_sender/zabbix_sender COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_proxy.conf", "/etc/zabbix/zabbix_proxy.conf"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + --mount=type=bind,target=/run/secrets/,src=secrets/ \ set -eux && \ INSTALL_PKGS="bash \ traceroute \ @@ -86,7 +87,17 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --best \ --setopt=tsflags=nodocs \ ${INSTALL_PKGS} && \ + microdnf -y update \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ + --enablerepo "ubi-9-baseos-rpms" \ + --setopt=install_weak_deps=0 \ + --best \ + --setopt=tsflags=nodocs \ + tzdata && \ microdnf -y reinstall \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ --enablerepo "ubi-9-baseos-rpms" \ --setopt=install_weak_deps=0 \ --setopt=keepcache=0 \ diff --git a/Dockerfiles/server-mysql/rhel/Dockerfile b/Dockerfiles/server-mysql/rhel/Dockerfile index 1ecf82dea..d52bcddbb 100644 --- a/Dockerfiles/server-mysql/rhel/Dockerfile +++ b/Dockerfiles/server-mysql/rhel/Dockerfile @@ -54,13 +54,13 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/conf/zabbix_server.conf", "/etc COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/database/mysql/create_server.sql.gz", "/usr/share/doc/zabbix-server-mysql/create.sql.gz"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + --mount=type=bind,target=/run/secrets/,src=secrets/ \ set -eux && \ INSTALL_PKGS="bash \ traceroute \ nmap \ fping \ shadow-utils \ - tzdata \ iputils \ hostname \ libssh \ @@ -94,7 +94,17 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --best \ --setopt=tsflags=nodocs \ ${INSTALL_PKGS} && \ + microdnf -y update \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ + --enablerepo "ubi-9-baseos-rpms" \ + --setopt=install_weak_deps=0 \ + --best \ + --setopt=tsflags=nodocs \ + tzdata && \ microdnf -y reinstall \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ --enablerepo "ubi-9-baseos-rpms" \ --setopt=install_weak_deps=0 \ --setopt=keepcache=0 \ diff --git a/Dockerfiles/snmptraps/rhel/Dockerfile b/Dockerfiles/snmptraps/rhel/Dockerfile index 416b75b3a..8e7e128f3 100644 --- a/Dockerfiles/snmptraps/rhel/Dockerfile +++ b/Dockerfiles/snmptraps/rhel/Dockerfile @@ -46,9 +46,9 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ set -eux && \ INSTALL_PKGS="bash \ shadow-utils \ - tzdata \ net-snmp" && \ microdnf -y install \ + --disableplugin=subscription-manager \ --disablerepo="*" \ --enablerepo "ubi-9-baseos-rpms" \ --enablerepo "ubi-9-appstream-rpms" \ @@ -57,6 +57,23 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --best \ --setopt=tsflags=nodocs \ ${INSTALL_PKGS} && \ + microdnf -y update \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ + --enablerepo "ubi-9-baseos-rpms" \ + --setopt=install_weak_deps=0 \ + --best \ + --setopt=tsflags=nodocs \ + tzdata && \ + microdnf -y reinstall \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ + --enablerepo "ubi-9-baseos-rpms" \ + --setopt=install_weak_deps=0 \ + --setopt=keepcache=0 \ + --best \ + --setopt=tsflags=nodocs \ + tzdata && \ groupadd \ --system \ --gid 1995 \ diff --git a/Dockerfiles/web-nginx-mysql/rhel/Dockerfile b/Dockerfiles/web-nginx-mysql/rhel/Dockerfile index 0b5031c58..e39f4f165 100644 --- a/Dockerfiles/web-nginx-mysql/rhel/Dockerfile +++ b/Dockerfiles/web-nginx-mysql/rhel/Dockerfile @@ -49,9 +49,9 @@ COPY ["conf/etc/", "/etc/"] COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/ui", "/usr/share/zabbix"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + --mount=type=bind,target=/run/secrets/,src=secrets/ \ set -eux && \ INSTALL_PKGS="bash \ - tzdata \ curl-minimal \ supervisor \ shadow-utils \ @@ -83,12 +83,22 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --best \ --setopt=tsflags=nodocs \ ${INSTALL_PKGS} && \ - microdnf -y reinstall \ + microdnf -y update \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ --enablerepo "ubi-9-baseos-rpms" \ --setopt=install_weak_deps=0 \ --best \ --setopt=tsflags=nodocs \ + tzdata && \ + microdnf -y reinstall \ + --disableplugin=subscription-manager \ + --disablerepo "*" \ + --enablerepo "ubi-9-baseos-rpms" \ + --setopt=install_weak_deps=0 \ --setopt=keepcache=0 \ + --best \ + --setopt=tsflags=nodocs \ tzdata && \ groupadd \ --system \ diff --git a/Dockerfiles/web-service/rhel/Dockerfile b/Dockerfiles/web-service/rhel/Dockerfile index 172b96093..150f3fac5 100644 --- a/Dockerfiles/web-service/rhel/Dockerfile +++ b/Dockerfiles/web-service/rhel/Dockerfile @@ -50,6 +50,7 @@ COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/go/bin/zabbix_web_service", COPY --from=builder ["/tmp/zabbix-${ZBX_VERSION}/src/go/conf/zabbix_web_service.conf", "/etc/zabbix/zabbix_web_service.conf"] RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ + --mount=type=bind,target=/run/secrets/,src=secrets/ \ set -eux && \ INSTALL_PKGS="bash \ shadow-utils \ @@ -62,7 +63,6 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --disablerepo "*" \ --enablerepo "ubi-9-baseos-rpms" \ --enablerepo "ubi-9-appstream-rpms" \ - --enablerepo "rhel-9-for-$ARCH_SUFFIX-baseos-rpms" \ --enablerepo "rhel-9-for-$ARCH_SUFFIX-appstream-rpms" \ --enablerepo "epel" \ --setopt=install_weak_deps=0 \ @@ -71,6 +71,7 @@ RUN --mount=type=tmpfs,target=/var/lib/dnf/ \ --setopt=tsflags=nodocs \ ${INSTALL_PKGS} && \ microdnf -y install \ + --disableplugin=subscription-manager \ --disablerepo "*" \ --enablerepo "ubi-9-baseos-rpms" \ --enablerepo "ubi-9-appstream-rpms" \