From e97b1772b9559acfd5d56385d837c2b803b4b435 Mon Sep 17 00:00:00 2001 From: Robby Cochran Date: Mon, 5 Oct 2020 13:07:31 -0700 Subject: [PATCH] Changes to Dockerfile for DSOP (#360) --- .circleci/config.yml | 4 +- collector/container/rhel/Dockerfile | 53 ++++++++++++----------- collector/container/rhel/create-bundle.sh | 23 +++++++--- 3 files changed, 47 insertions(+), 33 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 54ed65834b..dc43896bab 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -817,7 +817,7 @@ jobs: ./container/rhel/create-bundle.sh \ "$SOURCE_ROOT/collector/container" \ "${MODULE_ARCHIVE}" \ - "$SOURCE_ROOT/collector/container/rhel/bundle.tar.gz" + "$SOURCE_ROOT/collector/container/rhel" build_args=( --build-arg module_version="$MODULE_VERSION" @@ -844,7 +844,7 @@ jobs: ./container/rhel/create-bundle.sh \ "$SOURCE_ROOT/collector/container" \ "${MODULE_ARCHIVE}" \ - "$SOURCE_ROOT/collector/container/rhel/bundle.tar.gz" + "$SOURCE_ROOT/collector/container/rhel" build_args=( --build-arg module_version="$MODULE_VERSION" diff --git a/collector/container/rhel/Dockerfile b/collector/container/rhel/Dockerfile index 939ff1ffe5..cfe2ad3013 100644 --- a/collector/container/rhel/Dockerfile +++ b/collector/container/rhel/Dockerfile 
@@ -7,31 +7,34 @@ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} ARG collector_version=xxx ARG module_version=xxx -LABEL maintainer="StackRox " -LABEL io.stackrox.collector.module-version="${module_version}" -LABEL io.stackrox.collector.version="${collector_version}" - -ENV COLLECTOR_VERSION=${collector_version} -ENV MODULE_VERSION=${module_version} -ENV COLLECTOR_HOST_ROOT=/host - -RUN yum update -y --nogpgcheck --disableplugin=subscription-manager -RUN yum install -y kmod -RUN rpm -e --nodeps \ - rpm \ - rpm-build-libs \ - rpm-libs \ - python3-rpm \ - subscription-manager \ - python3-subscription-manager-rhsm \ - yum \ - $(rpm -qa *dnf*) \ - python3-hawkey \ - ; - -ADD bundle.tar.gz / - -RUN echo "${module_version}" >/kernel-modules/MODULE_VERSION.txt +LABEL name="collector-rhel" \ + vendor="StackRox" \ + maintainer="support@stackrox.com" \ + summary="Runtime data collection for the StackRox Kubernetes Security Platform" \ + description="This image supports runtime data collection in the StackRox Kubernetes Security Platform." \ + io.stackrox.collector.module-version="${module_version}" \ + io.stackrox.collector.version="${collector_version}" + +ENV COLLECTOR_VERSION=${collector_version} \ + MODULE_VERSION=${module_version} \ + COLLECTOR_HOST_ROOT=/host + +COPY scripts / +COPY bundle.tar.gz / + +RUN mv collector-wrapper.sh /usr/local/bin/ && \ + chmod 700 bootstrap.sh && \ + tar -zxf bundle.tar.gz ./COPYING.txt && \ + tar -zxf bundle.tar.gz ./kernel-modules/ && \ + tar -zxf bundle.tar.gz ./usr/local/lib/libsinsp-wrapper.so && \ + tar -zxf bundle.tar.gz ./usr/local/bin/collector && \ + rm -f bundle.tar.gz && \ + dnf upgrade -y && \ + dnf install -y kmod && \ + dnf clean all && \ + rm -rf /var/cache/dnf && \ + echo "${MODULE_VERSION}" > /kernel-modules/MODULE_VERSION.txt + EXPOSE 8080 9090 diff --git a/collector/container/rhel/create-bundle.sh b/collector/container/rhel/create-bundle.sh index b69b862e10..cd88c72ca8 100755 
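Review bot: `rm -f bundle.tar.gz` inside the RUN does not take the archive out of the image — `COPY bundle.tar.gz /` has already committed it as its own layer, so the full bundle, including whatever the four selective `tar -zxf` calls deliberately leave out, is still present in the pushed image's layer history. The old `ADD bundle.tar.gz /` extracted in place without storing the tarball; if selective extraction is the reason for the switch, unpack in a throw-away stage and `COPY --from` only the extracted tree, as sketched below. In the same RUN, `dnf upgrade -y` now runs after the bundle COPYs, so every bundle rebuild re-runs the upgrade and the package layer can never be cached — move the dnf lines above the COPYs. The old `rpm -e --nodeps` block that stripped rpm/yum/dnf from the final image is gone and the image still ends without a `USER`; both are presumably intentional for DSOP (the scanner needs the rpm db, collector needs root to load kernel modules) but deserve a one-line comment each so they read as deliberate rather than forgotten.
```dockerfile
FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} AS unpack
COPY bundle.tar.gz /tmp/bundle.tar.gz
RUN mkdir -p /bundle && \
    tar -zxf /tmp/bundle.tar.gz -C /bundle \
        ./COPYING.txt ./kernel-modules/ \
        ./usr/local/lib/libsinsp-wrapper.so ./usr/local/bin/collector

FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
# … unchanged: ARG, LABEL, ENV …
RUN dnf upgrade -y && \
    dnf install -y kmod && \
    dnf clean all && \
    rm -rf /var/cache/dnf
COPY scripts /
COPY --from=unpack /bundle/ /
RUN mv collector-wrapper.sh /usr/local/bin/ && \
    chmod 700 bootstrap.sh && \
    echo "${MODULE_VERSION}" > /kernel-modules/MODULE_VERSION.txt
```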
--- a/collector/container/rhel/create-bundle.sh +++ b/collector/container/rhel/create-bundle.sh @@ -10,14 +10,18 @@ die() { INPUT_ROOT="$1" MODULE_ARCHIVE="$2" -OUTPUT_BUNDLE="$3" +OUTPUT_DIR="$3" -[[ -n "$INPUT_ROOT" && -n "$MODULE_ARCHIVE" && -n "$OUTPUT_BUNDLE" ]] \ - || die "Usage: $0 " +[[ -n "$INPUT_ROOT" && -n "$MODULE_ARCHIVE" && -n "$OUTPUT_DIR" ]] \ + || die "Usage: $0 " [[ -d "$INPUT_ROOT" ]] \ || die "Input root directory doesn't exist or is not a directory." [[ "$MODULE_ARCHIVE" == "-" || -f "$MODULE_ARCHIVE" ]] \ || die "Module archive doesn't exist." +[[ -d "$OUTPUT_DIR" ]] \ + || die "Output directory doesn't exist or is not a directory." + +OUTPUT_BUNDLE="${OUTPUT_DIR}/bundle.tar.gz" # Create tmp directory bundle_root="$(mktemp -d)" @@ -25,11 +29,18 @@ mkdir -p "${bundle_root}/usr/"{bin,lib64,local/bin,local/lib} mkdir -p "${bundle_root}/kernel-modules" chmod -R 755 "${bundle_root}" +# ============================================================================= +# Copy scripts to image build context directory + +mkdir -p "${OUTPUT_DIR}/scripts" +cp "${INPUT_ROOT}/scripts/bootstrap.sh" "${OUTPUT_DIR}/scripts" +cp "${INPUT_ROOT}/scripts/collector-wrapper.sh" "${OUTPUT_DIR}/scripts" + # ============================================================================= -# Add files to be included in the Dockerfile here. This includes artifacts that -# would be otherwise downloaded or included via a COPY command in the -# Dockerfile. +# Add binaries and data files to be included in the Dockerfile here. This +# includes artifacts that would be otherwise downloaded or included via a COPY +# command in the Dockerfile. cp -p "${INPUT_ROOT}/libs/libsinsp-wrapper.so.rhel" "${bundle_root}/usr/local/lib/libsinsp-wrapper.so" cp -p "${INPUT_ROOT}/scripts/bootstrap.sh" "${bundle_root}/bootstrap.sh"
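Review bot: The third argument now names a directory rather than the bundle path, so the usage text on the new `|| die "Usage: $0 …"` line must say so as well; the placeholders are lost in this rendering, so I cannot see whether it was updated, but it should read along the lines of `die "Usage: $0 <input-root> <module-archive> <output-dir>"`. The added `[[ -d "$OUTPUT_DIR" ]]` check is good; since the script goes on to write `bundle.tar.gz` and a `scripts/` tree into that directory, consider `[[ -d "$OUTPUT_DIR" && -w "$OUTPUT_DIR" ]]` so a read-only build context fails here with a clear message instead of at the first `cp`.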
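Review bot: `mkdir -p "${OUTPUT_DIR}/scripts"` followed by two `cp`s never clears a pre-existing `scripts/` directory, so a script renamed or deleted from `${INPUT_ROOT}/scripts` on a later run stays in the build context and the Dockerfile's `COPY scripts /` bakes the stale file into the image; add `rm -rf "${OUTPUT_DIR}/scripts"` before the `mkdir`. The two script copies use plain `cp` while every bundle file uses `cp -p`; `COPY` takes mode bits from the context file, so use `cp -p` here too and the execute bit on collector-wrapper.sh stops depending on the CI umask. The unchanged trailing `cp -p "${INPUT_ROOT}/scripts/bootstrap.sh" "${bundle_root}/bootstrap.sh"` now duplicates what `scripts/` carries and the Dockerfile no longer extracts it from the bundle, so it can probably be dropped.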