academy/mq-container
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Build on host with SELinux enabled

Browse Source
This commit is contained in:
Arthur Barr
2019-01-29 11:13:40 +00:00
parent 6840a575f9
commit 599f5f4b53
4 changed files with 22 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
mq-advanced-server-rhel/go-buildah.sh
View File

@@ -34,8 +34,10 @@ readonly dev=$2
IMAGE_REVISION=${IMAGE_REVISION:="Not Applicable"} IMAGE_REVISION=${IMAGE_REVISION:="Not Applicable"}
IMAGE_SOURCE=${IMAGE_SOURCE:="Not Applicable"} IMAGE_SOURCE=${IMAGE_SOURCE:="Not Applicable"}
# Run the build in a container
# Note the ":Z" on the volume is to allow the container to access the files when SELinux is enabled
podman run \ podman run \
--volume ${PWD}:/opt/app-root/src/go/src/github.com/ibm-messaging/mq-container/ \ --volume ${PWD}:/opt/app-root/src/go/src/github.com/ibm-messaging/mq-container/:Z \
--env IMAGE_REVISION="$IMAGE_REVISION" \ --env IMAGE_REVISION="$IMAGE_REVISION" \
--env IMAGE_SOURCE="$IMAGE_SOURCE" \ --env IMAGE_SOURCE="$IMAGE_SOURCE" \
--env MQDEV=${dev} \ --env MQDEV=${dev} \

7
mq-advanced-server-rhel/install-mq-rhel.sh
View File

@@ -46,9 +46,10 @@ fi
# Accept the MQ license # Accept the MQ license
buildah run --volume ${dir_extract}:/mnt/mq-download $ctr_mq -- /mnt/mq-download/MQServer/mqlicense.sh -text_only -accept buildah run --user root --volume ${dir_extract}:/mnt/mq-download:Z $ctr_mq -- /mnt/mq-download/MQServer/mqlicense.sh -text_only -accept
buildah run --volume ${dir_extract}:/mnt/mq-download $ctr_mq -- bash -c "cd /mnt/mq-download/MQServer && rpm -ivh $mq_packages" # Install MQ
buildah run --user root --volume ${dir_extract}:/mnt/mq-download:Z $ctr_mq -- bash -c "cd /mnt/mq-download/MQServer && rpm -ivh $mq_packages"
rm -rf ${dir_extract}/MQServer rm -rf ${dir_extract}/MQServer
@@ -71,7 +72,7 @@ rm -rf $mnt_mq/var/mqm
mkdir -p $mnt_mq/mnt/mqm mkdir -p $mnt_mq/mnt/mqm
# Create a symlink for /var/mqm -> /mnt/mqm/data # Create a symlink for /var/mqm -> /mnt/mqm/data
buildah run $ctr_mq -- ln -s /mnt/mqm/data /var/mqm buildah run --user root $ctr_mq -- ln -s /mnt/mqm/data /var/mqm
# Optional: Set these values for the IBM Cloud Vulnerability Report # Optional: Set these values for the IBM Cloud Vulnerability Report
sed -i 's/PASS_MAX_DAYS\t99999/PASS_MAX_DAYS\t90/' $mnt_mq/etc/login.defs sed -i 's/PASS_MAX_DAYS\t99999/PASS_MAX_DAYS\t90/' $mnt_mq/etc/login.defs

18
mq-advanced-server-rhel/mq-buildah.sh
View File

@@ -16,8 +16,6 @@
# limitations under the License. # limitations under the License.
# Build a RHEL image, using the buildah tool # Build a RHEL image, using the buildah tool
# Usage
# mq-buildah.sh ARCHIVE-NAME PACKAGES
set -x set -x
set -e set -e
@@ -56,6 +54,8 @@ readonly packages=$2
readonly tag=$3 readonly tag=$3
readonly version=$4 readonly version=$4
readonly mqdev=$5 readonly mqdev=$5
readonly mqm_uid=888
readonly mqm_gid=888
############################################################################### ###############################################################################
# Install MQ server # Install MQ server
@@ -93,10 +93,10 @@ buildah run ${ctr_mq} -- microdnf ${microdnf_opts} install \
buildah run ${ctr_mq} -- microdnf ${microdnf_opts} clean all buildah run ${ctr_mq} -- microdnf ${microdnf_opts} clean all
rm -rf ${mnt_mq}/etc/yum.repos.d/* rm -rf ${mnt_mq}/etc/yum.repos.d/*
groupadd --root ${mnt_mq} --system --gid 888 mqm buildah run --user root $ctr_mq -- groupadd --system --gid ${mqm_gid} mqm
useradd --root ${mnt_mq} --system --uid 888 --gid mqm mqm buildah run --user root $ctr_mq -- useradd --system --uid ${mqm_uid} --gid mqm mqm
usermod --root ${mnt_mq} -aG root mqm buildah run --user root $ctr_mq -- usermod -aG root mqm
usermod --root ${mnt_mq} -aG mqm root buildah run --user root $ctr_mq -- usermod -aG mqm root
# Install MQ server packages into the MQ builder image # Install MQ server packages into the MQ builder image
./mq-advanced-server-rhel/install-mq-rhel.sh ${ctr_mq} "${mnt_mq}" "${archive}" "${packages}" ./mq-advanced-server-rhel/install-mq-rhel.sh ${ctr_mq} "${mnt_mq}" "${archive}" "${packages}"
@@ -106,9 +106,9 @@ mkdir -p ${mnt_mq}/etc/mqm
chown 888:888 ${mnt_mq}/etc/mqm chown 888:888 ${mnt_mq}/etc/mqm
# Install the Go binaries into the image # Install the Go binaries into the image
install --mode 0750 --owner 888 --group 888 ./build/runmqserver ${mnt_mq}/usr/local/bin/ install --mode 0750 --owner ${mqm_uid} --group 0 ./build/runmqserver ${mnt_mq}/usr/local/bin/
install --mode 6750 --owner 888 --group 888 ./build/chk* ${mnt_mq}/usr/local/bin/ install --mode 6750 --owner ${mqm_uid} --group 0 ./build/chk* ${mnt_mq}/usr/local/bin/
install --mode 0750 --owner 888 --group 888 ./NOTICES.txt ${mnt_mq}/opt/mqm/licenses/notices-container.txt install --mode 0750 --owner ${mqm_uid} --group 0 ./NOTICES.txt ${mnt_mq}/opt/mqm/licenses/notices-container.txt
############################################################################### ###############################################################################
# Final Buildah commands # Final Buildah commands

15
mq-advanced-server-rhel/mqdev-buildah.sh
View File

@@ -15,9 +15,7 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
# Build a RHEL image, using the buildah tool # Build a RHEL image of MQ Advanced for Developers, using the buildah tool
# Usage
# mq-buildah.sh ARCHIVEFILE PACKAGES
set -x set -x
set -e set -e
@@ -57,12 +55,11 @@ readonly tag=$2
readonly version=$3 readonly version=$3
useradd --root $mnt_mq --gid mqm admin # Run these commands inside the container so that the SELinux context is handled correctly
groupadd --root $mnt_mq --system mqclient buildah run --user root $ctr_mq -- useradd --gid mqm admin
useradd --root $mnt_mq --gid mqclient app buildah run --user root $ctr_mq -- groupadd --system mqclient
buildah run --user root $ctr_mq -- useradd --gid mqclient app
buildah run $ctr_mq -- id admin buildah run --user root $ctr_mq -- bash -c "echo admin:passw0rd | chpasswd"
buildah run $ctr_mq -- sh -c "echo admin:passw0rd | chpasswd"
mkdir -p $mnt_mq/run/runmqdevserver mkdir -p $mnt_mq/run/runmqdevserver
chown 888:888 $mnt_mq/run/runmqdevserver chown 888:888 $mnt_mq/run/runmqdevserver