From 32aed06ce8e2a2c84becc34eb65f3988b5201aaa Mon Sep 17 00:00:00 2001 From: Tim Harper Date: Wed, 24 Oct 2018 22:18:28 -0600 Subject: [PATCH] Upgrade Dockerfile to use Debian Stretch for 1.5.x (#6635) JIRA Issues: MARATHON-8487 --- build.sbt | 18 +++++++++++------- changelog.md | 4 ++++ 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/build.sbt b/build.sbt index 8027acf4d02..af84a70ab9a 100644 --- a/build.sbt +++ b/build.sbt @@ -184,7 +184,7 @@ lazy val packagingSettings = Seq( daemonUser in Docker := "nobody", daemonGroup in Docker := "nogroup", version in Docker := { "v" + (version in Compile).value }, - dockerBaseImage := "debian:jessie-slim", + dockerBaseImage := "debian:stretch-slim", (defaultLinuxInstallLocation in Docker) := "/marathon", dockerCommands := { // kind of a work-around; we need our chown /marathon command to come after the WORKDIR command, and installation @@ -193,20 +193,24 @@ lazy val packagingSettings = Seq( prefixCommands ++ Seq(Cmd("RUN", - s"""apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv DF7D54CBE56151BF && \\ + s"""apt-get update && apt-get install -my wget gnupg && \\ + |apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv DF7D54CBE56151BF && \\ |apt-get update -y && \\ |apt-get upgrade -y && \\ - |echo "deb http://ftp.debian.org/debian jessie-backports main" | tee -a /etc/apt/sources.list && \\ - |echo "deb http://repos.mesosphere.com/debian jessie-testing main" | tee -a /etc/apt/sources.list.d/mesosphere.list && \\ - |echo "deb http://repos.mesosphere.com/debian jessie main" | tee -a /etc/apt/sources.list.d/mesosphere.list && \\ + |echo "deb http://ftp.debian.org/debian stretch-backports main" | tee -a /etc/apt/sources.list && \\ + |echo "deb http://repos.mesosphere.com/debian stretch-testing main" | tee -a /etc/apt/sources.list.d/mesosphere.list && \\ + |echo "deb http://repos.mesosphere.com/debian stretch main" | tee -a /etc/apt/sources.list.d/mesosphere.list && \\ |apt-get update && \\ | |# jdk setup |mkdir -p /usr/share/man/man1 && \\ - |apt-get install -y openjdk-8-jdk-headless openjdk-8-jre-headless ca-certificates-java=20161107~bpo8+1 && \\ + |apt-get install -y openjdk-8-jdk-headless openjdk-8-jre-headless ca-certificates-java=20170531+nmu1 && \\ |/var/lib/dpkg/info/ca-certificates-java.postinst configure && \\ |ln -svT "/usr/lib/jvm/java-8-openjdk-$$(dpkg --print-architecture)" /docker-java-home && \\ - | + |# mesos setup + |echo exit 0 > /usr/bin/systemctl && chmod +x /usr/bin/systemctl && \\ + |# Workaround required due to https://github.com/mesosphere/mesos-deb-packaging/issues/102 + |apt-get install -y libcurl3-nss && \\ |apt-get install --no-install-recommends -y --force-yes mesos=${Dependency.V.MesosDebian} && \\ |apt-get clean && \\ |chown nobody:nogroup /marathon""".stripMargin)) ++ diff --git a/changelog.md b/changelog.md index 24ee7243ca4..a72951553e1 100644 --- a/changelog.md +++ b/changelog.md @@ -19,6 +19,10 @@ For more information, refer to the [framework id docs page](https://mesosphere.g Previously, the Marathon Docker container would only run as user root. The packaging has been updated so that the container can be run as the user `nobody`. The default user for running the container (and, subsequently, the default value for `--mesos_user`) has not been changed. +### Docker image upgraded to Debian Stretch + +The Docker image for Marathon now uses Debian Stretch as a base OS, since Debian Jessie is no longer receiving security updates. + ### Native Packages We have stopped publishing native packages for operating system versions that are past their end-of-life: