feat: add Docker.alpine file

Signed-off-by: Robert Waffen <[email protected]>
voxpupuli · Oct 11, 2024 · a69b563 · a69b563
1 parent be3577b
commit a69b563
Show file tree

Hide file tree

Showing 3 changed files with 184 additions and 98 deletions.
diff --git a/build/Dockerfile b/build/Dockerfile
diff --git a/build/build.sh b/build/build.sh
diff --git a/puppetserver/Dockerfile.alpine b/puppetserver/Dockerfile.alpine
@@ -0,0 +1,184 @@
+FROM alpine:3.20 AS build
+
+ARG VERSION=8.6.3
+ADD https://downloads.puppet.com/puppet/puppetserver-${VERSION}.tar.gz /
+RUN tar -xzf /puppetserver-${VERSION}.tar.gz && mv /puppetserver-${VERSION} /install
+
+ENV apps_dir=/opt/puppetlabs/server/apps
+ENV app_logdir=/var/log/puppetlabs
+ENV data_dir=/opt/puppetlabs/server/data
+ENV etc_dir=/etc/puppetlabs
+ENV run_dir=/var/run/puppetlabs
+ENV bindir=/opt/puppetlabs/server/apps/puppetserver/bin
+ENV symbindir=/opt/puppetlabs/server/bin
+ENV uxbindir=/opt/puppetlabs/bin
+
+RUN apk update && apk upgrade \
+&& apk add --no-cache --update openjdk17-jre-headless \
+&& apk add --no-cache --update bash \
+&& cd /install \
+&& install -d -m 0755 "${apps_dir}/puppetserver" \
+&& install -d -m 0770 "${data_dir}/puppetserver" \
+&& install -m 0644 /install/puppet-server-release.jar "${apps_dir}/puppetserver" \
+&& install -m 0774 /install/ext/ezbake-functions.sh "${apps_dir}/puppetserver" \
+&& install -m 0644 /install/ext/ezbake.manifest "${apps_dir}/puppetserver" \
+&& install -d -m 0755 "${etc_dir}/puppetserver/conf.d" \
+&& install -d -m 0755 "${etc_dir}/puppetserver/services.d" \
+&& install -m 0644 /install/ext/config/request-logging.xml "${etc_dir}/puppetserver/request-logging.xml" \
+&& install -m 0644 /install/ext/config/conf.d/puppetserver.conf "${etc_dir}/puppetserver/conf.d/puppetserver.conf" \
+&& install -m 0644 /install/ext/config/logback.xml "${etc_dir}/puppetserver/logback.xml" \
+&& install -m 0644 /install/ext/config/services.d/ca.cfg "${etc_dir}/puppetserver/services.d/ca.cfg" \
+&& install -m 0644 /install/ext/config/conf.d/global.conf "${etc_dir}/puppetserver/conf.d/global.conf" \
+&& install -m 0644 /install/ext/config/conf.d/web-routes.conf "${etc_dir}/puppetserver/conf.d/web-routes.conf" \
+&& install -m 0644 /install/ext/config/conf.d/auth.conf "${etc_dir}/puppetserver/conf.d/auth.conf" \
+&& install -m 0644 /install/ext/config/conf.d/metrics.conf "${etc_dir}/puppetserver/conf.d/metrics.conf" \
+&& install -m 0644 /install/ext/config/conf.d/ca.conf "${etc_dir}/puppetserver/conf.d/ca.conf" \
+&& install -m 0644 /install/ext/config/conf.d/webserver.conf "${etc_dir}/puppetserver/conf.d/webserver.conf" \
+&& install -d -m 0755 "${apps_dir}/puppetserver/cli" \
+&& install -d -m 0755 "${apps_dir}/puppetserver/cli/apps" \
+&& install -d -m 0755 "${bindir}" \
+&& install -d -m 0755 "${symbindir}" \
+&& install -d -m 0755 "${uxbindir}" \
+&& install -m 0755 "/install/ext/bin/puppetserver" "${bindir}/puppetserver" \
+&& ln -s "../apps/puppetserver/bin/puppetserver" "${symbindir}/puppetserver" \
+&& ln -s "../server/apps/puppetserver/bin/puppetserver" "${uxbindir}/puppetserver" \
+&& install -m 0755 /install/ext/cli/foreground "${apps_dir}/puppetserver/cli/apps/foreground" \
+&& install -m 0755 /install/ext/cli/dropsonde "${apps_dir}/puppetserver/cli/apps/dropsonde" \
+&& install -m 0755 /install/ext/cli/ca "${apps_dir}/puppetserver/cli/apps/ca" \
+&& install -m 0755 /install/ext/cli/irb "${apps_dir}/puppetserver/cli/apps/irb" \
+&& install -m 0755 /install/ext/cli/gem "${apps_dir}/puppetserver/cli/apps/gem" \
+&& install -m 0755 /install/ext/cli/reload "${apps_dir}/puppetserver/cli/apps/reload" \
+&& install -m 0755 /install/ext/cli/ruby "${apps_dir}/puppetserver/cli/apps/ruby" \
+&& install -m 0755 /install/ext/cli/stop "${apps_dir}/puppetserver/cli/apps/stop" \
+&& install -m 0755 /install/ext/cli/start "${apps_dir}/puppetserver/cli/apps/start" \
+&& install -d -m 0700 "${app_logdir}/puppetserver" \
+&& install -d -m 0755 "${run_dir}/puppetserver" \
+&& install -d -m 700 "${data_dir}/puppetserver/jars" \
+&& install -d -m 700 "${data_dir}/puppetserver/yaml" \
+&& install -d /opt/puppetlabs/server/data/puppetserver/jruby-gems \
+&& install -d -m=775 /opt/puppetlabs/server/data \
+&& install -d "${etc_dir}/puppet/ssl" \
+&& install -d "${etc_dir}/puppetserver/ca" \
+&& bash /install/ext/build-scripts/install-vendored-gems.sh
+
+################################################################################
+
+FROM alpine:3.20 AS final
+
+ARG vcs_ref
+ARG build_date
+
+LABEL \
+  org.label-schema.build-date="$build_date" \
+  org.label-schema.dockerfile="/Dockerfile" \
+  org.label-schema.license="Apache-2.0" \
+  org.label-schema.maintainer="Voxpupuli Team <[email protected]>" \
+  org.label-schema.schema-version="1.0" \
+  org.label-schema.url="https://github.com/voxpupuli/container-puppetserver" \
+  org.label-schema.vcs-ref="$vcs_ref" \
+  org.label-schema.vcs-url="https://github.com/voxpupuli/container-puppetserver" \
+  org.label-schema.vendor="Voxpupuli"
+
+ENV PUPPETSERVER_JAVA_ARGS="-Xms1024m -Xmx1024m" \
+    JAVA_ARGS=${PUPPETSERVER_JAVA_ARGS} \
+    PATH=$PATH:/opt/puppetlabs/server/bin:/opt/puppetlabs/puppet/bin:/opt/puppetlabs/bin \
+    SSLDIR=/etc/puppetlabs/puppet/ssl \
+    LOGDIR=/var/log/puppetlabs/puppetserver \
+    PUPPETSERVER_HOSTNAME="" \
+    CERTNAME="" \
+    DNS_ALT_NAMES="" \
+    PUPPETSERVER_PORT=8140 \
+    AUTOSIGN=true \
+    PUPPETSERVER_MAX_ACTIVE_INSTANCES=1 \
+    PUPPETSERVER_MAX_REQUESTS_PER_INSTANCE=0 \
+    CA_ENABLED=true \
+    CA_HOSTNAME=puppet \
+    CA_PORT=8140 \
+    CA_ALLOW_SUBJECT_ALT_NAMES=false \
+    INTERMEDIATE_CA=false \
+    INTERMEDIATE_CA_BUNDLE=/etc/puppetlabs/intermediate/ca.pem \
+    INTERMEDIATE_CRL_CHAIN=/etc/puppetlabs/intermediate/crl.pem \
+    INTERMEDIATE_CA_KEY=/etc/puppetlabs/intermediate/key.pem \
+    USE_PUPPETDB=false \
+    PUPPETDB_SERVER_URLS=https://puppetdb:8081 \
+    PUPPET_STORECONFIGS_BACKEND="puppetdb" \
+    PUPPET_STORECONFIGS=true \
+    PUPPET_REPORTS="puppetdb" \
+    PUPPETSERVER_GRAPHITE_EXPORTER_ENABLED=false \
+    PUPPETSERVER_GRAPHITE_PORT=9109 \
+    PUPPETSERVER_GRAPHITE_HOST=exporter \
+    PUPPETSERVER_ENVIRONMENT_TIMEOUT=unlimited \
+    PUPPETSERVER_ENABLE_ENV_CACHE_DEL_API=true \
+    ENVIRONMENTPATH=/etc/puppetlabs/code/environments \
+    HIERACONFIG='$confdir/hiera.yaml' \
+    CSR_ATTRIBUTES='{}'
+
+ENV apps_dir=/opt/puppetlabs/server/apps \
+    app_logdir=/var/log/puppetlabs \
+    data_dir=/opt/puppetlabs/server/data \
+    etc_dir=/etc/puppetlabs \
+    run_dir=/var/run/puppetlabs \
+    bindir=/opt/puppetlabs/server/apps/puppetserver/bin \
+    symbindir=/opt/puppetlabs/server/bin \
+    uxbindir=/opt/puppetlabs/bin
+
+# old /etc/default/puppetserver
+# how where do i put this in the new world? 🤔
+#
+# ENV \
+#   USER="puppet" \
+#   GROUP="puppet" \
+#   INSTALL_DIR="/opt/puppetlabs/server/apps/puppetserver" \
+#   CONFIG="/etc/puppetlabs/puppetserver/conf.d" \
+#   BOOTSTRAP_CONFIG="/etc/puppetlabs/puppetserver/services.d/,/opt/puppetlabs/server/apps/puppetserver/config/services.d/" \
+#   SERVICE_STOP_RETRIES=60
+
+COPY --from=build /opt/puppetlabs /opt/puppetlabs
+COPY --from=build /etc/puppetlabs /etc/puppetlabs
+COPY --from=build /var/log/puppetlabs /var/log/puppetlabs
+COPY --from=build /var/run/puppetlabs /var/run/puppetlabs
+
+COPY docker-entrypoint.sh /
+COPY healthcheck.sh /
+COPY docker-entrypoint.d /docker-entrypoint.d
+COPY metrics.conf.tmpl /metrics.conf.tmpl
+COPY add_cache_del_api_auth_rules.rb /add_cache_del_api_auth_rules.rb
+COPY logback.xml /etc/puppetlabs/puppetserver/
+COPY request-logging.xml /etc/puppetlabs/puppetserver/
+COPY conf.d/puppetserver.conf /etc/puppetlabs/puppetserver/conf.d/
+COPY conf.d/product.conf /etc/puppetlabs/puppetserver/conf.d/
+COPY puppetdb.conf /var/tmp/puppet/
+COPY Dockerfile /
+
+RUN apk update && apk upgrade \
+&& apk add --no-cache --update openjdk17-jre-headless \
+&& apk add --no-cache --update bash \
+&& apk add --no-cache --update dumb-init \
+&& apk add --no-cache --update openssh-client \
+&& apk add --no-cache --update libssh2 \
+&& addgroup -g 1001 puppet \
+&& adduser -G puppet -u 1001 -h ${data_dir}/puppetserver -H -D -s /sbin/nologin puppet \
+&& chown -R puppet:puppet ${etc_dir}/puppet/ssl \
+&& chown -R puppet:puppet ${etc_dir}/puppetserver/ca \
+&& chown -R puppet:puppet ${app_logdir}/puppetserver \
+&& chown -R puppet:puppet ${run_dir}/puppetserver \
+&& chown -R puppet:puppet ${data_dir}/puppetserver \
+&& chmod 700 ${app_logdir}/puppetserver \
+&& chmod 770 ${data_dir}/puppetserver \
+&& chmod 750 ${etc_dir}/puppetserver \
+&& chmod 700 ${data_dir}/puppetserver/jars \
+&& chmod 700 ${data_dir}/puppetserver/yaml \
+&& find /etc/puppetlabs/puppet/ssl -type d -print0 | xargs -0 chmod 770 \
+&& echo 'alias ll="ls -la --color=auto"' >> ~/.bashrc \
+&& chmod +x /docker-entrypoint.sh /healthcheck.sh /docker-entrypoint.d/*.sh
+
+# gem install --no-doc r10k -v $R10K_VERSION && \
+# gem install --no-doc rugged -v $RUGGED_VERSION -- --with-ssh && \
+
+# k8s uses livenessProbe, startupProbe, readinessProbe and ignores HEALTHCHECK
+HEALTHCHECK --interval=20s --timeout=15s --retries=12 --start-period=3m CMD ["/healthcheck.sh"]
+
+EXPOSE 8140
+
+ENTRYPOINT ["dumb-init", "/docker-entrypoint.sh"]
+CMD ["foreground"]