diff --git a/puppetserver/Dockerfile b/puppetserver/Dockerfile
index 76782480..db443c1e 100644
--- a/puppetserver/Dockerfile
+++ b/puppetserver/Dockerfile
@@ -1,16 +1,18 @@
-ARG build_type=release
-ARG UBUNTU_CODENAME=jammy
-
-######################################################
-# base
-######################################################
-
-FROM ubuntu:22.04 AS base
+FROM ubuntu:22.04
-ARG PACKAGES="ca-certificates git netbase openjdk-17-jre-headless ruby3.0 openssh-client libssh2-1"
+ARG vcs_ref
+ARG build_type
+ARG build_date
+ARG PACKAGES="ca-certificates git netbase openjdk-17-jre-headless ruby3.0 openssh-client libssh2-1 dumb-init"
 ARG BUILD_PKGS="ruby3.0-dev gcc make cmake pkg-config libssl-dev libc6-dev libssh2-1-dev"
-ARG DUMB_INIT_VERSION="1.2.5"
 ARG TARGETARCH
+ARG R10K_VERSION=4.1.0
+ARG RUGGED_VERSION=1.7.2
+ARG PUPPET_RELEASE=8
+ARG PUPPETSERVER_VERSION=8.6.1
+ARG UBUNTU_CODENAME=jammy
+ARG PUPPET_USER_UID=999
+ARG PUPPET_USER_GID=999
 LABEL org.label-schema.maintainer="Voxpupuli Team " \
 org.label-schema.vendor="Voxpupuli" \
@@ -18,7 +20,11 @@ LABEL org.label-schema.maintainer="Voxpupuli Team " \
 org.label-schema.license="Apache-2.0" \
 org.label-schema.vcs-url="https://github.com/voxpupuli/container-puppetserver" \
 org.label-schema.schema-version="1.0" \
- org.label-schema.dockerfile="/Dockerfile"
+ org.label-schema.dockerfile="/Dockerfile" \
+ org.label-schema.name="Puppet Server ($build_type)" \
+ org.label-schema.version="$PUPPETSERVER_VERSION" \
+ org.label-schema.vcs-ref="$vcs_ref" \
+ org.label-schema.build-date="$build_date"
 ENV PUPPETSERVER_JAVA_ARGS="-Xms1024m -Xmx1024m" \
 PATH=$PATH:/opt/puppetlabs/server/bin:/opt/puppetlabs/puppet/bin:/opt/puppetlabs/bin \
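Review bot: `ARG build_type` is now declared without a default, whereas the removed pre-`FROM` declaration was `ARG build_type=release`. A build that passes no `--build-arg build_type=...` will therefore render the label added in the next hunk as `Puppet Server ()`. Restoring the default with `ARG build_type=release` keeps the previous behaviour. `ARG TARGETARCH` stays as context, but its only use visible in this diff was the dumb-init .deb file name that the commit removes, so it looks unused now unless something outside these hunks reads it.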
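Review bot: Adding `$vcs_ref` and `$build_date` to this early `LABEL` changes the label layer on every build that stamps those values. Every later layer then misses the build cache, including the `ADD` from apt.puppet.com and the package-install `RUN`, so packages are fetched and resolved again on each build. The removed second `LABEL` sat at the end of the file; keeping the four build-specific keys in a separate `LABEL` after the last `RUN`, with `ARG vcs_ref` and `ARG build_date` declared just above it, would keep the expensive layers cacheable. The `LABEL` instruction starts above the hunk.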
@@ -51,15 +57,8 @@ ENV PUPPETSERVER_JAVA_ARGS="-Xms1024m -Xmx1024m" \
 PUPPETSERVER_ENABLE_ENV_CACHE_DEL_API=true \
 ENVIRONMENTPATH=/etc/puppetlabs/code/environments \
 HIERACONFIG='$confdir/hiera.yaml' \
- CSR_ATTRIBUTES='{}'
-
-# NOTE: this is just documentation on defaults
-EXPOSE 8140
-
-ENTRYPOINT ["dumb-init", "/docker-entrypoint.sh"]
-CMD ["foreground"]
-
-ADD https://github.com/Yelp/dumb-init/releases/download/v"$DUMB_INIT_VERSION"/dumb-init_"$DUMB_INIT_VERSION"_"$TARGETARCH".deb /
+ CSR_ATTRIBUTES='{}' \
+ PUPPET_DEB=puppet${PUPPET_RELEASE}-release-${UBUNTU_CODENAME}.deb
 COPY docker-entrypoint.sh \
 healthcheck.sh \
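Review bot: `PUPPET_DEB` is only used at build time in the lines visible in this diff (the `ADD` and `dpkg -i` in the next hunk), yet placing it in this `ENV` block bakes it into the environment of every container started from the image. Declaring it as `ARG PUPPET_DEB=puppet${PUPPET_RELEASE}-release-${UBUNTU_CODENAME}.deb` after the two ARGs it references would keep it out of the runtime environment, provided the entrypoint scripts do not read it. The `ENV` instruction starts above the hunk.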
@@ -67,62 +66,26 @@ COPY docker-entrypoint.sh \
 COPY docker-entrypoint.d /docker-entrypoint.d
 COPY metrics.conf.tmpl /metrics.conf.tmpl
 COPY add_cache_del_api_auth_rules.rb /add_cache_del_api_auth_rules.rb
-# k8s uses livenessProbe, startupProbe, readinessProbe and ignores HEALTHCHECK
-HEALTHCHECK --interval=20s --timeout=15s --retries=12 --start-period=3m CMD ["/healthcheck.sh"]
+COPY Dockerfile /
-ARG R10K_VERSION=4.1.0
-ARG RUGGED_VERSION=1.7.2
+ADD https://apt.puppet.com/${PUPPET_DEB} /${PUPPET_DEB}
+
+# Create puppet user and group with PUPPET_USER_UID and PUPPET_USER_GID
+RUN groupadd -g ${PUPPET_USER_GID} puppet && \
+ useradd -m -u ${PUPPET_USER_UID} -g puppet puppet
 # no need to pin versions or clear apt cache as its still being used
 # hadolint ignore=DL3008,DL3009
-RUN chmod +x /docker-entrypoint.sh /healthcheck.sh /docker-entrypoint.d/*.sh && \
+RUN dpkg -i /${PUPPET_DEB} && \
+ rm /${PUPPET_DEB} && \
+ chmod +x /docker-entrypoint.sh /healthcheck.sh /docker-entrypoint.d/*.sh && \
 apt-get update && \
 apt-get install -y --no-install-recommends $PACKAGES $BUILD_PKGS && \
 gem install --no-doc r10k -v $R10K_VERSION && \
 gem install --no-doc rugged -v $RUGGED_VERSION -- --with-ssh && \
- dpkg -i dumb-init_"$DUMB_INIT_VERSION"_"$TARGETARCH".deb && \
- rm dumb-init_"$DUMB_INIT_VERSION"_"$TARGETARCH".deb && \
 apt remove -y $BUILD_PKGS && \
- apt-get clean && \
- apt-get autoremove -y && \
- rm -rf /var/lib/apt/lists/*
-
-######################################################
-# release (build from packages)
-######################################################
-
-FROM base AS release
-
-ARG PUPPET_RELEASE=8
-ARG PUPPETSERVER_VERSION=8.6.1
-ARG UBUNTU_CODENAME
-ARG PUPPET_USER_UID=999
-ARG PUPPET_USER_GID=999
-
-######################################################
-# final image
-######################################################
-
-# dynamically selects "edge" or "release" alias based on ARG
-# hadolint ignore=DL3006
-FROM ${build_type} AS final
-
-ARG vcs_ref
-ARG build_type
-ARG build_date
-
-ENV PUPPET_DEB=puppet${PUPPET_RELEASE}-release-${UBUNTU_CODENAME}.deb
-ADD https://apt.puppet.com/${PUPPET_DEB} /${PUPPET_DEB}
-
-# Create puppet user and group with PUPPET_USER_UID and PUPPET_USER_GID
-RUN groupadd -g ${PUPPET_USER_GID} puppet && \
- useradd -m -u ${PUPPET_USER_UID} -g puppet puppet
-
-# hadolint ignore=DL3008,DL3028
-RUN dpkg -i /${PUPPET_DEB} && \
- rm /${PUPPET_DEB}
-RUN apt-get update && \
 apt-get install --no-install-recommends -y puppetserver=${PUPPETSERVER_VERSION}-1${UBUNTU_CODENAME} puppetdb-termini && \
+ apt-get autoremove -y && \
 apt-get clean && \
 rm -rf /var/lib/apt/lists/* && \
 cp -pr /etc/puppetlabs/puppet /var/tmp && \
@@ -131,17 +94,18 @@ RUN apt-get update && \
 COPY puppetserver /etc/default/puppetserver
 COPY logback.xml \
- request-logging.xml \
- /etc/puppetlabs/puppetserver/
+ request-logging.xml \
+ /etc/puppetlabs/puppetserver/
 COPY conf.d/puppetserver.conf /etc/puppetlabs/puppetserver/conf.d/
 COPY conf.d/product.conf /etc/puppetlabs/puppetserver/conf.d/
-
 COPY puppetdb.conf /var/tmp/puppet/
-LABEL org.label-schema.name="Puppet Server ($build_type)" \
- org.label-schema.version="$PUPPETSERVER_VERSION" \
- org.label-schema.vcs-ref="$vcs_ref" \
- org.label-schema.build-date="$build_date"
+# k8s uses livenessProbe, startupProbe, readinessProbe and ignores HEALTHCHECK
+HEALTHCHECK --interval=20s --timeout=15s --retries=12 --start-period=3m CMD ["/healthcheck.sh"]
-COPY Dockerfile /
+# NOTE: this is just documentation on defaults
+EXPOSE 8140
+
+ENTRYPOINT ["dumb-init", "/docker-entrypoint.sh"]
+CMD ["foreground"]
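Review bot: The added `ADD https://apt.puppet.com/${PUPPET_DEB} /${PUPPET_DEB}` fetches the release package with no integrity check, and the following `RUN` installs it as root with `dpkg -i`, so the only protection is the TLS connection to the download host. Since that package is presumably what configures the Puppet apt source used by the later `puppetserver` install, pinning it is worthwhile: `ADD --checksum=sha256:<digest-of-release-deb> https://apt.puppet.com/${PUPPET_DEB} /${PUPPET_DEB}`, with the digest supplied through an `ARG` next to `PUPPET_RELEASE` and `UBUNTU_CODENAME`. The context comment `# no need to pin versions or clear apt cache as its still being used` and its `DL3009` ignore also look stale, because the merged `RUN` now ends by removing `/var/lib/apt/lists/*`. The `RUN` continues past the last line of the hunk.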
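Review bot: No `USER` instruction appears ahead of `ENTRYPOINT ["dumb-init", "/docker-entrypoint.sh"]` in the lines shown, even though the previous hunk creates a `puppet` user with a fixed UID and GID, so the entrypoint and `/healthcheck.sh` presumably start as root. If the privilege drop happens inside docker-entrypoint.sh or the server's own launcher, a comment above `ENTRYPOINT` would record that, e.g. `# starts as root; <where the switch to the puppet user happens>`. Otherwise add `USER puppet` before `ENTRYPOINT`. Lines between the hunks are not visible here, so confirm against the full file.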