3824cae821
+ update K8s patch version to v1.28.5 + update percona-toolkit patch version to v3.5.5 + switch to secure https postgres repository A bunch of redundant third-party packages are installed inside the images, many with security vulnerabilities. Implementing best practices should solve both problems. Change-Id: I2105fe0b6058b64ae49d2977da5f1e8bad976991
67 lines
2.6 KiB
Docker
67 lines
2.6 KiB
Docker
ARG FROM=docker.io/ubuntu:bionic
|
|
FROM ${FROM}
|
|
|
|
LABEL org.opencontainers.image.authors='airship-discuss@lists.airshipit.org, irc://#airshipit@freenode' \
|
|
org.opencontainers.image.url='https://airshipit.org' \
|
|
org.opencontainers.image.documentation='https://opendev.org/airship/porthole' \
|
|
org.opencontainers.image.source='https://opendev.org/airship/porthole' \
|
|
org.opencontainers.image.vendor='The Airship Authors' \
|
|
org.opencontainers.image.licenses='Apache-2.0'
|
|
|
|
# Pacific 16.2.10
|
|
ARG CEPH_RELEASE=pacific
|
|
ARG CEPH_RELEASE_TAG=16.2.10-1bionic
|
|
ARG KUBE_VERSION=1.24.6
|
|
|
|
ARG CEPH_REPO=https://mirror.mirantis.com/acicd/ceph-pacific/
|
|
ARG CEPH_KEY=https://mirror.mirantis.com/acicd/ceph-pacific/release.asc
|
|
|
|
ADD ${CEPH_KEY} /etc/apt/ceph-${CEPH_RELEASE}.key
|
|
RUN set -xe \
|
|
&& export DEBIAN_FRONTEND=noninteractive \
|
|
&& sed -i '/nobody/d' /etc/passwd \
|
|
&& echo "nobody:x:65534:65534:nobody:/nonexistent:/bin/bash" >> /etc/passwd \
|
|
&& apt-get update && apt-get dist-upgrade -y \
|
|
&& apt-get install -y wget curl apt-transport-https ca-certificates gnupg\
|
|
&& apt-key add /etc/apt/ceph-${CEPH_RELEASE}.key \
|
|
&& rm -f /etc/apt/ceph-${CEPH_RELEASE}.key \
|
|
&& echo "deb ${CEPH_REPO} bionic main" | tee /etc/apt/sources.list.d/ceph.list \
|
|
&& apt-get update \
|
|
&& apt-get install -y \
|
|
bash \
|
|
moreutils \
|
|
vim \
|
|
sudo \
|
|
screen \
|
|
ceph=${CEPH_RELEASE_TAG} \
|
|
ceph-common=${CEPH_RELEASE_TAG} \
|
|
python3-rbd \
|
|
radosgw=${CEPH_RELEASE_TAG} \
|
|
hexedit \
|
|
jq \
|
|
s3cmd \
|
|
rsyslog \
|
|
rsync \
|
|
xz-utils \
|
|
iperf \
|
|
python3.6 \
|
|
python3-pip \
|
|
&& pip3 install --upgrade pip \
|
|
&& pip3 install \
|
|
oslo.rootwrap==6.2.0 \
|
|
&& apt-get remove --purge -y wget apt-transport-https \
|
|
&& apt-get autoremove -y \
|
|
&& apt-get clean \
|
|
&& curl --silent -L https://dl.k8s.io/v${KUBE_VERSION}/kubernetes-client-linux-amd64.tar.gz \
|
|
| tar -zC /usr/bin --strip-components=3 --wildcards -x "*/*/*/kubectl" \
|
|
&& rm -rf \
|
|
/var/lib/apt/lists/*
|
|
|
|
RUN PYTHON_LOCATION=$(pip3 show oslo.rootwrap|grep Location|awk '{print $2}') \
|
|
&& sed -i "/rootwrap_logger.setLevel/s/.*/#&/" $PYTHON_LOCATION/oslo_rootwrap/wrapper.py \
|
|
&& sed -i "/handler.setFormatter/s/.*/#&/" $PYTHON_LOCATION/oslo_rootwrap/wrapper.py \
|
|
&& sed -i "/os.path.basename/s/.*/#&/" $PYTHON_LOCATION/oslo_rootwrap/wrapper.py \
|
|
&& sed -i "/rootwrap_logger.addHandler/s/.*/#&/" $PYTHON_LOCATION/oslo_rootwrap/wrapper.py
|
|
|
|
CMD ["/bin/bash"]
|