Changes to Dockerfile for DSOP (#360)
robbycochran authored Oct 5, 2020
1 parent 7e5de22 commit e97b177
Showing 3 changed files with 47 additions and 33 deletions.
4 changes: 2 additions & 2 deletions .circleci/config.yml
@@ -817,7 +817,7 @@ jobs:
./container/rhel/create-bundle.sh \
"$SOURCE_ROOT/collector/container" \
"${MODULE_ARCHIVE}" \
"$SOURCE_ROOT/collector/container/rhel/bundle.tar.gz"
"$SOURCE_ROOT/collector/container/rhel"
build_args=(
--build-arg module_version="$MODULE_VERSION"
@@ -844,7 +844,7 @@ jobs:
./container/rhel/create-bundle.sh \
"$SOURCE_ROOT/collector/container" \
"${MODULE_ARCHIVE}" \
"$SOURCE_ROOT/collector/container/rhel/bundle.tar.gz"
"$SOURCE_ROOT/collector/container/rhel"
build_args=(
--build-arg module_version="$MODULE_VERSION"
53 changes: 28 additions & 25 deletions collector/container/rhel/Dockerfile
@@ -7,31 +7,34 @@ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
ARG collector_version=xxx
ARG module_version=xxx

LABEL maintainer="StackRox <[email protected]>"
LABEL io.stackrox.collector.module-version="${module_version}"
LABEL io.stackrox.collector.version="${collector_version}"

ENV COLLECTOR_VERSION=${collector_version}
ENV MODULE_VERSION=${module_version}
ENV COLLECTOR_HOST_ROOT=/host

RUN yum update -y --nogpgcheck --disableplugin=subscription-manager
RUN yum install -y kmod
RUN rpm -e --nodeps \
rpm \
rpm-build-libs \
rpm-libs \
python3-rpm \
subscription-manager \
python3-subscription-manager-rhsm \
yum \
$(rpm -qa *dnf*) \
python3-hawkey \
;

ADD bundle.tar.gz /

RUN echo "${module_version}" >/kernel-modules/MODULE_VERSION.txt
LABEL name="collector-rhel" \
vendor="StackRox" \
maintainer="[email protected]" \
summary="Runtime data collection for the StackRox Kubernetes Security Platform" \
description="This image supports runtime data collection in the StackRox Kubernetes Security Platform." \
io.stackrox.collector.module-version="${module_version}" \
io.stackrox.collector.version="${collector_version}"

ENV COLLECTOR_VERSION=${collector_version} \
MODULE_VERSION=${module_version} \
COLLECTOR_HOST_ROOT=/host

COPY scripts /
COPY bundle.tar.gz /

RUN mv collector-wrapper.sh /usr/local/bin/ && \
chmod 700 bootstrap.sh && \
tar -zxf bundle.tar.gz ./COPYING.txt && \
tar -zxf bundle.tar.gz ./kernel-modules/ && \
tar -zxf bundle.tar.gz ./usr/local/lib/libsinsp-wrapper.so && \
tar -zxf bundle.tar.gz ./usr/local/bin/collector && \
rm -f bundle.tar.gz && \
dnf upgrade -y && \
dnf install -y kmod && \
dnf clean all && \
rm -rf /var/cache/dnf && \
echo "${MODULE_VERSION}" > /kernel-modules/MODULE_VERSION.txt


EXPOSE 8080 9090

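Review bot: The four `tar -zxf bundle.tar.gz …` calls in the new RUN step run as root with no `-C` and no `--no-same-owner`, so the extracted collector binary, libsinsp-wrapper.so and kernel modules keep whatever uid/gid the CI user recorded in the archive (unless create-bundle.sh normalises ownership, which is not visible here), and the step only works if the working directory is `/`. A single explicit call such as `tar -C / --no-same-owner -zxf /bundle.tar.gz ./COPYING.txt ./kernel-modules/ ./usr/local/lib/libsinsp-wrapper.so ./usr/local/bin/collector` would address both, with `/collector-wrapper.sh` and `/bootstrap.sh` given as absolute paths in the `mv` and `chmod`. Separately, `rm -f bundle.tar.gz` does not shrink the image, because the archive is already stored in the `COPY bundle.tar.gz /` layer. The Dockerfile starts before and continues past this hunk, so any WORKDIR set earlier is not visible.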
23 changes: 17 additions & 6 deletions collector/container/rhel/create-bundle.sh
@@ -10,26 +10,37 @@ die() {

INPUT_ROOT="$1"
MODULE_ARCHIVE="$2"
OUTPUT_BUNDLE="$3"
OUTPUT_DIR="$3"

[[ -n "$INPUT_ROOT" && -n "$MODULE_ARCHIVE" && -n "$OUTPUT_BUNDLE" ]] \
|| die "Usage: $0 <input-root> <module-archive> <output-bundle>"
[[ -n "$INPUT_ROOT" && -n "$MODULE_ARCHIVE" && -n "$OUTPUT_DIR" ]] \
|| die "Usage: $0 <input-root> <module-archive> <output-dir>"
[[ -d "$INPUT_ROOT" ]] \
|| die "Input root directory doesn't exist or is not a directory."
[[ "$MODULE_ARCHIVE" == "-" || -f "$MODULE_ARCHIVE" ]] \
|| die "Module archive doesn't exist."
[[ -d "$OUTPUT_DIR" ]] \
|| die "Output directory doesn't exist or is not a directory."

OUTPUT_BUNDLE="${OUTPUT_DIR}/bundle.tar.gz"

# Create tmp directory
bundle_root="$(mktemp -d)"
mkdir -p "${bundle_root}/usr/"{bin,lib64,local/bin,local/lib}
mkdir -p "${bundle_root}/kernel-modules"
chmod -R 755 "${bundle_root}"

# =============================================================================
# Copy scripts to image build context directory

mkdir -p "${OUTPUT_DIR}/scripts"
cp "${INPUT_ROOT}/scripts/bootstrap.sh" "${OUTPUT_DIR}/scripts"
cp "${INPUT_ROOT}/scripts/collector-wrapper.sh" "${OUTPUT_DIR}/scripts"

# =============================================================================

# Add files to be included in the Dockerfile here. This includes artifacts that
# would be otherwise downloaded or included via a COPY command in the
# Dockerfile.
# Add binaries and data files to be included in the Dockerfile here. This
# includes artifacts that would be otherwise downloaded or included via a COPY
# command in the Dockerfile.

cp -p "${INPUT_ROOT}/libs/libsinsp-wrapper.so.rhel" "${bundle_root}/usr/local/lib/libsinsp-wrapper.so"
cp -p "${INPUT_ROOT}/scripts/bootstrap.sh" "${bundle_root}/bootstrap.sh"
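Review bot: `mkdir -p "${OUTPUT_DIR}/scripts"` reuses an existing directory, and the Dockerfile in this commit copies that whole directory with `COPY scripts /`, so any file left there by an earlier run or another job ends up at the image root. Starting from a clean directory, `rm -rf "${OUTPUT_DIR}/scripts" && mkdir -p "${OUTPUT_DIR}/scripts"`, or naming the two files in the COPY instead of the directory, keeps the image contents to what this script intends. `bootstrap.sh` is also still copied into `${bundle_root}` a few lines below although the new Dockerfile no longer extracts it from the bundle; that looks like a leftover, but the rest of the script is outside the hunk.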
