diff --git a/CHANGELOG.md b/CHANGELOG.md index c44ab9a..e7b7d78 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,11 @@ ## vNext -* BREAKING CHANGE: MQSC files supplied will be verified before being run. Files containing invalid MQSC will cause the container to fail to start +**Breaking changes**: +* UID of the mqm user is now 888. You need to run the container with an entrypoint of "runmqserver -i" under the root user to update any existing files. +* MQSC files supplied will be verified before being run. Files containing invalid MQSC will cause the container to fail to start + +Other changes: * Security Fixes ## 9.1.2.0 (2019-03-21) diff --git a/Dockerfile-server b/Dockerfile-server index a55aa90..70761ba 100644 --- a/Dockerfile-server +++ b/Dockerfile-server @@ -12,24 +12,34 @@ # See the License for the specific language governing permissions and # limitations under the License. -ARG BASE_IMAGE=ubuntu:16.04 -ARG BUILDER_IMAGE=mq-golang-sdk:9.1.2.0-x86_64-ubuntu-16.04 - ############################################################################### # Build stage to build Go code ############################################################################### -FROM $BUILDER_IMAGE as builder -WORKDIR /go/src/github.com/ibm-messaging/mq-container/ +FROM registry.access.redhat.com/devtools/go-toolset-7-rhel7 as builder +# The URL to download the MQ installer from in tar.gz format +# This assumes an archive containing the MQ RPM install packages +ARG MQ_URL="https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/mqadv_dev912_linux_x86-64.tar.gz" ARG IMAGE_REVISION="Not specified" ARG IMAGE_SOURCE="Not specified" ARG IMAGE_TAG="Not specified" +ARG MQM_UID=888 +USER 0 +COPY install-mq.sh /usr/local/bin/ +RUN chmod a+x /usr/local/bin/install-mq.sh \ + && sleep 1 \ + && MQ_PACKAGES="MQSeriesRuntime-*.rpm MQSeriesSDK-*.rpm MQSeriesSamples*.rpm" install-mq.sh $MQM_UID +WORKDIR /opt/app-root/src/go/src/github.com/ibm-messaging/mq-container/ COPY cmd/ ./cmd COPY internal/ ./internal COPY vendor/ ./vendor +ENV PATH="${PATH}:/opt/rh/go-toolset-7/root/usr/bin" \ + CGO_CFLAGS="-I/opt/mqm/inc/" \ + CGO_LDFLAGS_ALLOW="-Wl,-rpath.*" RUN go build -ldflags "-X \"main.ImageCreated=$(date --iso-8601=seconds)\" -X \"main.ImageRevision=$IMAGE_REVISION\" -X \"main.ImageSource=$IMAGE_SOURCE\" -X \"main.ImageTag=$IMAGE_TAG\"" ./cmd/runmqserver/ RUN go build ./cmd/chkmqready/ RUN go build ./cmd/chkmqhealthy/ -# Run all unit tests +RUN go build ./cmd/runmqdevserver/ +RUN go test -v ./cmd/runmqdevserver/... RUN go test -v ./cmd/runmqserver/ RUN go test -v ./cmd/chkmqready/ RUN go test -v ./cmd/chkmqhealthy/ @@ -39,33 +49,33 @@ RUN go vet ./cmd/... ./internal/... ############################################################################### # Main build stage, to build MQ image ############################################################################### -FROM $BASE_IMAGE - -# The URL to download the MQ installer from in tar.gz format -# This assumes an archive containing the MQ Debian (.deb) install packages -ARG MQ_URL - +FROM registry.access.redhat.com/ubi7/ubi-minimal AS mq-server # The MQ packages to install - see install-mq.sh for default value -ARG MQ_PACKAGES - -# The UID to use for the "mqm" user -ARG MQM_UID=999 - +ARG MQ_URL="https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/mqadv_dev912_linux_x86-64.tar.gz" +ARG MQ_PACKAGES="MQSeriesRuntime-*.rpm MQSeriesServer-*.rpm MQSeriesJava*.rpm MQSeriesJRE*.rpm MQSeriesGSKit*.rpm MQSeriesMsg*.rpm MQSeriesSamples*.rpm MQSeriesWeb*.rpm MQSeriesAMS-*.rpm" +ARG MQM_UID=888 +LABEL summary="IBM MQ Advanced Server" +LABEL description="Simplify, accelerate and facilitate the reliable exchange of data with a security-rich messaging solution — trusted by the world’s most successful enterprises" +LABEL vendor="IBM" +LABEL distribution-scope="private" +LABEL authoritative-source-url="https://www.ibm.com/software/passportadvantage/" +LABEL url="https://www.ibm.com/products/mq/advanced" +LABEL io.openshift.tags="mq messaging" +LABEL io.k8s.display-name="IBM MQ Advanced Server" +LABEL io.k8s.description="Simplify, accelerate and facilitate the reliable exchange of data with a security-rich messaging solution — trusted by the world’s most successful enterprises" COPY install-mq.sh /usr/local/bin/ - +COPY install-mq-server-prereqs.sh /usr/local/bin/ # Install MQ. To avoid a "text file busy" error here, we sleep before installing. -RUN chmod u+x /usr/local/bin/install-mq.sh \ +RUN env && chmod u+x /usr/local/bin/install-*.sh \ && sleep 1 \ + && install-mq-server-prereqs.sh $MQM_UID \ && install-mq.sh $MQM_UID - # Create a directory for runtime data from runmqserver RUN mkdir -p /run/runmqserver \ && chown mqm:mqm /run/runmqserver - -COPY --from=builder /go/src/github.com/ibm-messaging/mq-container/runmqserver /usr/local/bin/ -COPY --from=builder /go/src/github.com/ibm-messaging/mq-container/chkmq* /usr/local/bin/ +COPY --from=builder /opt/app-root/src/go/src/github.com/ibm-messaging/mq-container/runmqserver /usr/local/bin/ +COPY --from=builder /opt/app-root/src/go/src/github.com/ibm-messaging/mq-container/chkmq* /usr/local/bin/ COPY NOTICES.txt /opt/mqm/licenses/notices-container.txt - RUN chmod ug+x /usr/local/bin/runmqserver \ && chown mqm:mqm /usr/local/bin/*mq* \ && chmod ug+xs /usr/local/bin/chkmq* \ @@ -73,12 +83,55 @@ RUN chmod ug+x /usr/local/bin/runmqserver \ && touch /run/termination-log \ && chown mqm:root /run/termination-log \ && chmod 0660 /run/termination-log - # Always use port 1414 for MQ & 9157 for the metrics EXPOSE 1414 9157 - ENV LANG=en_US.UTF-8 AMQ_DIAGNOSTIC_MSG_SEVERITY=1 AMQ_ADDITIONAL_JSON_LOG=1 LOG_FORMAT=basic - USER $MQM_UID - ENTRYPOINT ["runmqserver"] + +############################################################################### +# Add default developer config +############################################################################### +FROM mq-server AS mq-dev-server +ARG MQM_UID=888 +# Enable MQ developer default configuration +ENV MQ_DEV=true +# Default administrator password +ENV MQ_ADMIN_PASSWORD=passw0rd +LABEL summary="IBM MQ Advanced for Developers Server" +LABEL description="Simplify, accelerate and facilitate the reliable exchange of data with a security-rich messaging solution — trusted by the world’s most successful enterprises" +LABEL vendor="IBM" +LABEL distribution-scope="private" +LABEL authoritative-source-url="https://www.ibm.com/software/passportadvantage/" +LABEL url="https://www.ibm.com/products/mq/advanced" +LABEL io.openshift.tags="mq messaging" +LABEL io.k8s.display-name="IBM MQ Advanced for Developers Server" +LABEL io.k8s.description="Simplify, accelerate and facilitate the reliable exchange of data with a security-rich messaging solution — trusted by the world’s most successful enterprises" +USER 0 +COPY incubating/mqadvanced-server-dev/install-extra-packages.sh /usr/local/bin/ +RUN chmod u+x /usr/local/bin/install-extra-packages.sh \ + && sleep 1 \ + && install-extra-packages.sh +# WARNING: This is what allows the mqm user to change the password of any other user +# It's used by runmqdevserver to change the admin/app passwords. +RUN echo "mqm ALL = NOPASSWD: /usr/sbin/chpasswd" > /etc/sudoers.d/mq-dev-config +## Add admin and app users, and set a default password for admin +RUN useradd admin -G mqm \ + && groupadd mqclient \ + && useradd app -G mqclient \ + && echo admin:$MQ_ADMIN_PASSWORD | chpasswd +# Create a directory for runtime data from runmqserver +RUN mkdir -p /run/runmqdevserver \ + && chown mqm:mqm /run/runmqdevserver +COPY --from=builder /opt/app-root/src/go/src/github.com/ibm-messaging/mq-container/runmqdevserver /usr/local/bin/ +# Copy template files +COPY incubating/mqadvanced-server-dev/*.tpl /etc/mqm/ +# Copy web XML files for default developer configuration +COPY incubating/mqadvanced-server-dev/web /etc/mqm/web +RUN chown -R mqm:mqm /etc/mqm/* \ + && chmod +x /usr/local/bin/runmq* \ + && install --directory --mode 0775 --owner mqm --group root /run/runmqdevserver +EXPOSE 9443 +ENV MQ_BETA_ENABLE_WEB_SERVER=1 +USER $MQM_UID +ENTRYPOINT ["runmqdevserver"] \ No newline at end of file diff --git a/Makefile b/Makefile index 5afa075..e00d5a5 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -# © Copyright IBM Corporation 2018 +# © Copyright IBM Corporation 2017, 2019 # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,106 +13,254 @@ # limitations under the License. ############################################################################### -# Variables +# Conditional variables - you can override the values of these variables from +# the command line +############################################################################### +# MQ_VERSION is the fully qualified MQ version number to build +MQ_VERSION ?= 9.1.2.0 +# MQ_ARCHIVE is the name of the file, under the downloads directory, from which MQ Advanced can +# be installed. The default value is derived from MQ_VERSION, BASE_IMAGE and architecture +# Does not apply to MQ Advanced for Developers. +MQ_ARCHIVE ?= IBM_MQ_$(MQ_VERSION_VRM)_$(MQ_ARCHIVE_TYPE)_$(MQ_ARCHIVE_ARCH).tar.gz +# MQ_ARCHIVE_DEV is the name of the file, under the downloads directory, from which MQ Advanced +# for Developers can be installed +MQ_ARCHIVE_DEV ?= $(MQ_ARCHIVE_DEV_$(MQ_VERSION)) +# MQ_SDK_ARCHIVE specifies the archive to use for building the golang programs. Defaults vary on developer or advanced. +MQ_SDK_ARCHIVE ?= $(MQ_ARCHIVE_DEV_$(MQ_VERSION)) +# Options to `go test` for the Docker tests +TEST_OPTS_DOCKER ?= +# MQ_IMAGE_ADVANCEDSERVER is the name and tag of the built MQ Advanced image +MQ_IMAGE_ADVANCEDSERVER ?=mqadvanced-server +MQ_TAG_ADVANCEDSERVER ?=$(MQ_VERSION)-$(ARCH)-$(BASE_IMAGE_TAG) +# MQ_IMAGE_DEVSERVER is the name and tag of the built MQ Advanced for Developers image +MQ_IMAGE_DEVSERVER ?=mqadvanced-server-dev +MQ_TAG ?=$(MQ_VERSION)-$(ARCH) +# DOCKER is the Docker command to run. Defaults to "podman" if it's available, otherwise "docker" +DOCKER ?= $(shell type -p podman || echo docker) +# MQ_PACKAGES specifies the MQ packages (.deb or .rpm) to install. Defaults vary on base image. +MQ_PACKAGES ?= +# MQM_UID is the UID to use for the "mqm" user +MQM_UID ?= 888 + +############################################################################### +# Other variables ############################################################################### GO_PKG_DIRS = ./cmd ./internal ./test +MQ_ARCHIVE_TYPE=LINUX +MQ_ARCHIVE_DEV_PLATFORM=linux +# ARCH is the platform architecture (e.g. x86_64, ppc64le or s390x) +ARCH = $(shell uname -m) +# BUILD_SERVER_CONTAINER is the name of the web server container used at build time +BUILD_SERVER_CONTAINER=build-server +# NUM_CPU is the number of CPUs available to Docker. Used to control how many +# test run in parallel +NUM_CPU = $(or $(shell docker info --format "{{ .NCPU }}"),2) +# BASE_IMAGE_TAG is a normalized version of BASE_IMAGE, suitable for use in a Docker tag +BASE_IMAGE_TAG=$(lastword $(subst /, ,$(subst :,-,$(BASE_IMAGE)))) +#BASE_IMAGE_TAG=$(subst /,-,$(subst :,-,$(BASE_IMAGE))) +MQ_IMAGE_DEVSERVER_BASE=mqadvanced-server-dev-base +# Docker image name to use for JMS tests +DEV_JMS_IMAGE=mq-dev-jms-test +# Variables for versioning +IMAGE_REVISION=$(shell git rev-parse HEAD) +IMAGE_SOURCE=$(shell git config --get remote.origin.url) +EMPTY:= +SPACE:= $(EMPTY) $(EMPTY) +# MQ_VERSION_VRM is MQ_VERSION with only the Version, Release and Modifier fields (no Fix field). e.g. 9.1.2 instead of 9.1.2.0 +MQ_VERSION_VRM=$(subst $(SPACE),.,$(wordlist 1,3,$(subst .,$(SPACE),$(MQ_VERSION)))) -# Set variable if running on a Red Hat Enterprise Linux host -ifneq ($(wildcard /etc/redhat-release),) -REDHAT_RELEASE = $(shell cat /etc/redhat-release) -ifeq "$(findstring Red Hat,$(REDHAT_RELEASE))" "Red Hat" - RHEL_HOST = "true" +ifneq (,$(findstring Microsoft,$(shell uname -r))) + DOWNLOADS_DIR=$(patsubst /mnt/c%,C:%,$(realpath ./downloads/)) +else + DOWNLOADS_DIR=$(realpath ./downloads/) endif + +# Try to figure out which archive to use from the architecture +ifeq "$(ARCH)" "x86_64" + MQ_ARCHIVE_ARCH=X86-64 + MQ_DEV_ARCH=x86-64 +else ifeq "$(ARCH)" "ppc64le" + MQ_ARCHIVE_ARCH=LE_POWER + MQ_DEV_ARCH=ppcle +else ifeq "$(ARCH)" "s390x" + MQ_ARCHIVE_ARCH=SYSTEM_Z + MQ_DEV_ARCH=s390x endif +# Archive names for IBM MQ Advanced for Developers +MQ_ARCHIVE_DEV_9.1.0.0=mqadv_dev910_$(MQ_ARCHIVE_DEV_PLATFORM)_$(MQ_DEV_ARCH).tar.gz +MQ_ARCHIVE_DEV_9.1.1.0=mqadv_dev911_$(MQ_ARCHIVE_DEV_PLATFORM)_$(MQ_DEV_ARCH).tar.gz +MQ_ARCHIVE_DEV_9.1.2.0=mqadv_dev912_$(MQ_ARCHIVE_DEV_PLATFORM)_$(MQ_DEV_ARCH).tar.gz ############################################################################### # Build targets ############################################################################### +.PHONY: vars +vars: + @echo $(MQ_ARCHIVE_ARCH) + @echo $(MQ_ARCHIVE_TYPE) + @echo $(MQ_ARCHIVE) -# Targets default to a RHEL image on a RHEL host, or an Ubuntu image everywhere else +.PHONY: default +default: build-devserver test -.PHONY: build-devserver -ifdef RHEL_HOST -build-devserver: build-devserver-rhel -else -build-devserver: build-devserver-ubuntu -endif +# Build all components (except incubating ones) +.PHONY: all +all: build-devserver build-advancedserver -.PHONY: build-advancedserver -ifdef RHEL_HOST -build-advancedserver: build-advancedserver-rhel -else -build-advancedserver: build-advancedserver-ubuntu -endif +.PHONY: test-all +test-all: build-devjmstest test-devserver test-advancedserver +.PHONY: devserver +devserver: build-devserver build-devjmstest test-devserver -.PHONY: test-devserver -ifdef RHEL_HOST -test-devserver: test-devserver-rhel -else -test-devserver: test-devserver-ubuntu -endif +# Build incubating components +.PHONY: incubating +incubating: build-explorer + +downloads/$(MQ_ARCHIVE_DEV): + $(info $(SPACER)$(shell printf $(TITLE)"Downloading IBM MQ Advanced for Developers "$(MQ_VERSION)$(END))) + mkdir -p downloads + cd downloads; curl -LO https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/$(MQ_ARCHIVE_DEV) + +downloads/$(MQ_SDK_ARCHIVE): + $(info $(SPACER)$(shell printf $(TITLE)"Downloading IBM MQ Advanced for Developers "$(MQ_VERSION)$(END))) + mkdir -p downloads + cd downloads; curl -LO https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/$(MQ_SDK_ARCHIVE) + +.PHONY: downloads +downloads: downloads/$(MQ_ARCHIVE_DEV) downloads/$(MQ_SDK_ARCHIVE) + +# Vendor Go dependencies for the Docker tests +test/docker/vendor: + cd test/docker && dep ensure -vendor-only + +# Shortcut to just run the unit tests +.PHONY: test-unit +test-unit: + docker build --target builder --file Dockerfile-server . .PHONY: test-advancedserver -ifdef RHEL_HOST -test-advancedserver: test-advancedserver-rhel -else -test-advancedserver: test-advancedserver-ubuntu -endif +test-advancedserver: test/docker/vendor + $(info $(SPACER)$(shell printf $(TITLE)"Test $(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG) on $(shell docker --version)"$(END))) + docker inspect $(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG) + cd test/docker && TEST_IMAGE=$(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG) EXPECTED_LICENSE=Production go test -parallel $(NUM_CPU) $(TEST_OPTS_DOCKER) .PHONY: build-devjmstest -ifdef RHEL_HOST -build-devjmstest: build-devjmstest-rhel +build-devjmstest: + $(info $(SPACER)$(shell printf $(TITLE)"Build JMS tests for developer config"$(END))) + cd test/messaging && docker build --tag $(DEV_JMS_IMAGE) . + +.PHONY: test-devserver +test-devserver: test/docker/vendor + $(info $(SPACER)$(shell printf $(TITLE)"Test $(MQ_IMAGE_DEVSERVER):$(MQ_TAG) on $(shell docker --version)"$(END))) + docker inspect $(MQ_IMAGE_DEVSERVER):$(MQ_TAG) + cd test/docker && TEST_IMAGE=$(MQ_IMAGE_DEVSERVER):$(MQ_TAG) EXPECTED_LICENSE=Developer DEV_JMS_IMAGE=$(DEV_JMS_IMAGE) IBMJRE=true go test -parallel $(NUM_CPU) -tags mqdev $(TEST_OPTS_DOCKER) + +coverage: + mkdir coverage + +.PHONY: test-advancedserver-cover +test-advancedserver-cover: test/docker/vendor coverage + $(info $(SPACER)$(shell printf $(TITLE)"Test $(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG) with code coverage on $(shell docker --version)"$(END))) + rm -f ./coverage/unit*.cov + # Run unit tests with coverage, for each package under 'internal' + go list -f '{{.Name}}' ./internal/... | xargs -I {} go test -cover -covermode count -coverprofile ./coverage/unit-{}.cov ./internal/{} +# ls -1 ./cmd | xargs -I {} go test -cover -covermode count -coverprofile ./coverage/unit-{}.cov ./cmd/{}/... + echo 'mode: count' > ./coverage/unit.cov + tail -q -n +2 ./coverage/unit-*.cov >> ./coverage/unit.cov + go tool cover -html=./coverage/unit.cov -o ./coverage/unit.html + + rm -f ./test/docker/coverage/*.cov + rm -f ./coverage/docker.* + mkdir -p ./test/docker/coverage/ + cd test/docker && TEST_IMAGE=$(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG)-cover TEST_COVER=true go test $(TEST_OPTS_DOCKER) + echo 'mode: count' > ./coverage/docker.cov + tail -q -n +2 ./test/docker/coverage/*.cov >> ./coverage/docker.cov + go tool cover -html=./coverage/docker.cov -o ./coverage/docker.html + + echo 'mode: count' > ./coverage/combined.cov + tail -q -n +2 ./coverage/unit.cov ./coverage/docker.cov >> ./coverage/combined.cov + go tool cover -html=./coverage/combined.cov -o ./coverage/combined.html + +define docker-build-mq + # Create a temporary network to use for the build + $(DOCKER) network create build + # Start a web server to host the MQ downloadable (tar.gz) file + $(DOCKER) run \ + --rm \ + --name $(BUILD_SERVER_CONTAINER) \ + --network build \ + --network-alias build \ + --volume $(DOWNLOADS_DIR):/usr/share/nginx/html:ro \ + --detach \ + nginx:alpine + # Build the new image + $(DOCKER) build \ + --tag $1:$2 \ + --file $3 \ + --network build \ + --build-arg MQ_URL=http://build:80/$4 \ + --build-arg IMAGE_REVISION="$(IMAGE_REVISION)" \ + --build-arg IMAGE_SOURCE="$(IMAGE_SOURCE)" \ + --build-arg IMAGE_TAG="$1:$2" \ + --build-arg MQM_UID=$(MQM_UID) \ + --label version=$7 \ + --label name=$1 \ + --label build-date=$(shell date +%Y-%m-%dT%H:%M:%S%z) \ + --label release="" \ + --label vcs-ref=$(IMAGE_REVISION) \ + --label vcs-type=git \ + --label vcs-url=$(IMAGE_SOURCE) \ + --target $8 \ + . ; $(DOCKER) kill $(BUILD_SERVER_CONTAINER) && $(DOCKER) network rm build +endef + +DOCKER_SERVER_VERSION=$(shell docker version --format "{{ .Server.Version }}") +DOCKER_CLIENT_VERSION=$(shell docker version --format "{{ .Client.Version }}") +.PHONY: docker-version +docker-version: + @test "$(word 1,$(subst ., ,$(DOCKER_CLIENT_VERSION)))" -ge "17" || ("$(word 1,$(subst ., ,$(DOCKER_CLIENT_VERSION)))" -eq "17" && "$(word 2,$(subst ., ,$(DOCKER_CLIENT_VERSION)))" -ge "05") || (echo "Error: Docker client 17.05 or greater is required" && exit 1) + @test "$(word 1,$(subst ., ,$(DOCKER_SERVER_VERSION)))" -ge "17" || ("$(word 1,$(subst ., ,$(DOCKER_SERVER_VERSION)))" -eq "17" && "$(word 2,$(subst ., ,$(DOCKER_CLIENT_VERSION)))" -ge "05") || (echo "Error: Docker server 17.05 or greater is required" && exit 1) + +.PHONY: build-advancedserver +build-advancedserver: MQ_SDK_ARCHIVE=$(MQ_ARCHIVE) +build-advancedserver: downloads/$(MQ_ARCHIVE) docker-version #build-golang-sdk-ex + $(info $(SPACER)$(shell printf $(TITLE)"Build $(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG)"$(END))) + $(call docker-build-mq,$(MQ_IMAGE_ADVANCEDSERVER),$(MQ_TAG),Dockerfile-server,$(MQ_ARCHIVE),"4486e8c4cc9146fd9b3ce1f14a2dfc5b","IBM MQ Advanced",$(MQ_VERSION),mq-server) + +.PHONY: build-devserver +build-devserver: downloads/$(MQ_ARCHIVE_DEV) docker-version #build-golang-sdk-ex + $(info $(shell printf $(TITLE)"Build $(MQ_IMAGE_DEVSERVER_BASE):$(MQ_TAG)"$(END))) + $(call docker-build-mq,$(MQ_IMAGE_DEVSERVER),$(MQ_TAG),Dockerfile-server,$(MQ_ARCHIVE_DEV),"98102d16795c4263ad9ca075190a2d4d","IBM MQ Advanced for Developers (Non-Warranted)",$(MQ_VERSION),mq-dev-server) + +.PHONY: build-advancedserver-cover +build-advancedserver-cover: docker-version + $(DOCKER) build --build-arg BASE_IMAGE=$(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG) -t $(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG)-cover -f Dockerfile-server.cover . + +.PHONY: build-explorer +ifeq "$(findstring ubuntu,$(BASE_IMAGE))" "ubuntu" +build-explorer: MQ_PACKAGES=ibmmq-explorer else -build-devjmstest: build-devjmstest-ubuntu +build-explorer: MQ_PACKAGES=MQSeriesRuntime*.rpm MQSeriesJRE*.rpm MQSeriesExplorer*.rpm endif +build-explorer: downloads/$(MQ_ARCHIVE_DEV) docker-pull + $(call docker-build-mq,mq-explorer:latest-$(ARCH),incubating/mq-explorer/Dockerfile,$(MQ_ARCHIVE_DEV),"98102d16795c4263ad9ca075190a2d4d","IBM MQ Advanced for Developers (Non-Warranted)",$(MQ_VERSION),"ubuntu:16.04") -# UBUNTU building targets -.PHONY: build-devserver-ubuntu -build-devserver-ubuntu: - $(MAKE) -f Makefile-UBUNTU build-devserver +.PHONY: docker-pull +docker-pull: + $(DOCKER) pull $(BASE_IMAGE) -.PHONY: test-devserver-ubuntu -test-devserver-ubuntu: - $(MAKE) -f Makefile-UBUNTU test-devserver -.PHONY: build-devjmstest-ubuntu - $(MAKE) -f Makefile-UBUNTU build-devjmstest +.PHONY: debug-vars +debug-vars: + @echo MQ_VERSION=$(MQ_VERSION) + @echo MQ_VERSION_VRM=$(MQ_VERSION_VRM) + @echo MQ_ARCHIVE=$(MQ_ARCHIVE) + @echo MQ_IMAGE_DEVSERVER=$(MQ_IMAGE_DEVSERVER) + @echo MQ_IMAGE_ADVANCEDSERVER=$(MQ_IMAGE_ADVANCEDSERVER) -.PHONY: build-advancedserver-ubuntu -build-advancedserver-ubuntu: - $(MAKE) -f Makefile-UBUNTU build-advancedserver +include formatting.mk -.PHONY: test-advancedserver-ubuntu -test-advancedserver-ubuntu: - $(MAKE) -f Makefile-UBUNTU test-advancedserver - -.PHONY: build-devjmstest-ubuntu -build-devjmstest-ubuntu: - $(MAKE) -f Makefile-UBUNTU build-devjmstest - -# RHEL building targets -.PHONY: build-devserver-rhel -build-devserver-rhel: - $(MAKE) -f Makefile-RHEL build-devserver - -.PHONY: test-devserver-rhel -test-devserver-rhel: - $(MAKE) -f Makefile-RHEL test-devserver - -.PHONY: build-advancedserver-rhel -build-advancedserver-rhel: - $(MAKE) -f Makefile-RHEL build-advancedserver - -.PHONY: test-advancedserver-rhel -test-advancedserver-rhel: - $(MAKE) -f Makefile-RHEL test-advancedserver - -.PHONY: build-devjmstest-rhel -build-devjmstest-rhel: - $(MAKE) -f Makefile-RHEL build-devjmstest - -# Common targets .PHONY: clean clean: rm -rf ./coverage @@ -167,9 +315,4 @@ gosec: $(info $(SPACER)$(shell printf "Running gosec test"$(END))) printf "\ngosec found no LOW severity issues\n" ;\ fi ;\ -.PHONY: unknownos -unknownos: - $(info $(SPACER)$(shell printf "ERROR: Unknown OS ("$(BASE_OS)") please run specific make targets"$(END))) - exit 1 - include formatting.mk diff --git a/Makefile-RHEL b/Makefile-RHEL deleted file mode 100644 index 2fe542e..0000000 --- a/Makefile-RHEL +++ /dev/null @@ -1,204 +0,0 @@ -# © Copyright IBM Corporation 2018, 2019 -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -############################################################################### -# Conditional variables - you can override the values of these variables from -# the command line -############################################################################### -# BASE_IMAGE is the base image to use for MQ, for example "ubuntu" or "rhel" -BASE_IMAGE ?= rhel -# MQ_VERSION is the fully qualified MQ version number to build -MQ_VERSION ?= 9.1.2.0 -# MQ_ARCHIVE is the name of the file, under the downloads directory, from which MQ Advanced can -# be installed. The default value is derived from MQ_VERSION, BASE_IMAGE and architecture -# Does not apply to MQ Advanced for Developers. -MQ_ARCHIVE ?= IBM_MQ_$(MQ_VERSION_VRM)_LINUX_$(MQ_ARCHIVE_ARCH).tar.gz -# MQ_ARCHIVE_DEV is the name of the file, under the downloads directory, from which MQ Advanced -# for Developers can be installed -MQ_ARCHIVE_DEV ?= $(MQ_ARCHIVE_DEV_$(MQ_VERSION)) -# MQ_SDK_ARCHIVE specifies the archive to use for the MQ redistributable client, which is used for building the golang programs. -MQ_SDK_ARCHIVE ?= 9.1.2.0-IBM-MQC-Redist-LinuxX64.tar.gz -# Options to `go test` for the Docker tests -TEST_OPTS_DOCKER ?= -# MQ_IMAGE_ADVANCEDSERVER is the name and tag of the built MQ Advanced image -MQ_IMAGE_ADVANCEDSERVER ?=mqadvanced-server:$(MQ_VERSION)-RHEL-$(ARCH) -# MQ_IMAGE_DEVSERVER is the name and tag of the built MQ Advanced for Developers image -MQ_IMAGE_DEVSERVER ?=mqadvanced-server-dev:$(MQ_VERSION)-RHEL-$(ARCH) -# MQ_IMAGE_SDK is the name and tag of the built MQ Advanced for Developers SDK image -MQ_IMAGE_SDK ?=mq-sdk:$(MQ_VERSION)-$(ARCH)-$(BASE_IMAGE_TAG) -# MQ_IMAGE_GOLANG_SDK is the name and tag of the built MQ Advanced for Developers SDK image, plus Go tools -MQ_IMAGE_GOLANG_SDK ?=mq-golang-sdk:$(MQ_VERSION)-$(ARCH)-$(BASE_IMAGE_TAG) -# MQ_PACKAGES specifies the MQ packages to install. Defaults vary on base image. -MQ_PACKAGES ?= MQSeriesRuntime-*.rpm MQSeriesServer-*.rpm MQSeriesJava*.rpm MQSeriesJRE*.rpm MQSeriesGSKit*.rpm MQSeriesMsg*.rpm MQSeriesSamples*.rpm MQSeriesAMS-*.rpm - -############################################################################### -# Other variables -############################################################################### -# ARCH is the platform architecture (e.g. x86_64, ppc64le or s390x) -ARCH = $(shell uname -m) -# BASE_IMAGE_TAG is a normalized version of BASE_IMAGE, suitable for use in a Docker tag -BASE_IMAGE_TAG=$(subst /,-,$(subst :,-,$(BASE_IMAGE))) -MQ_IMAGE_DEVSERVER_BASE=mqadvanced-server-dev-base:$(MQ_VERSION)-$(ARCH)-$(BASE_IMAGE_TAG) -# Docker image name to use for JMS tests -DEV_JMS_IMAGE=mq-dev-jms-test:latest -# Variables for versioning -IMAGE_REVISION=$(shell git rev-parse HEAD) -IMAGE_SOURCE=$(shell git config --get remote.origin.url) -MQDEV= -EMPTY:= -SPACE:= $(EMPTY) $(EMPTY) -# MQ_VERSION_VRM is MQ_VERSION with only the Version, Release and Modifier fields (no Fix field). e.g. 9.1.2 instead of 9.1.2.0 -MQ_VERSION_VRM=$(subst $(SPACE),.,$(wordlist 1,3,$(subst .,$(SPACE),$(MQ_VERSION)))) - - -ifneq (,$(findstring Microsoft,$(shell uname -r))) - DOWNLOADS_DIR=$(patsubst /mnt/c%,C:%,$(realpath ./downloads/)) -else - DOWNLOADS_DIR=$(realpath ./downloads/) -endif - -# Try to figure out which archive to use from the architecture -ifeq "$(ARCH)" "x86_64" - MQ_ARCHIVE_ARCH=X86-64 - MQ_DEV_ARCH=x86-64 -else ifeq "$(ARCH)" "ppc64le" - MQ_ARCHIVE_ARCH=LE_POWER - MQ_DEV_ARCH=ppcle -else ifeq "$(ARCH)" "s390x" - MQ_ARCHIVE_ARCH=SYSTEM_Z - MQ_DEV_ARCH=s390x -endif -# Archive names for IBM MQ Advanced for Developers -MQ_ARCHIVE_DEV_9.1.0.0=mqadv_dev910_linux_$(MQ_DEV_ARCH).tar.gz -MQ_ARCHIVE_DEV_9.1.1.0=mqadv_dev911_linux_$(MQ_DEV_ARCH).tar.gz -MQ_ARCHIVE_DEV_9.1.2.0=mqadv_dev912_linux_$(MQ_DEV_ARCH).tar.gz - -############################################################################### -# Build targets -############################################################################### -.PHONY: vars -vars: -#ifeq "$(findstring ubuntu,$(BASE_IMAGE))","ubuntu" - @echo $(MQ_ARCHIVE_ARCH) - @echo $(MQ_ARCHIVE_TYPE) - @echo $(MQ_ARCHIVE) - -.PHONY: default -default: build-devserver test-devserver - -# Build all components (except incubating ones) -.PHONY: all -all: build-devserver build-advancedserver - -.PHONY: test-all -test-all: build-devjmstest test-devserver test-advancedserver - -.PHONY: devserver -devserver: build-devserver build-devjmstest test-devserver - -# Build incubating components -.PHONY: incubating -incubating: build-explorer - -downloads/$(MQ_ARCHIVE_DEV): - $(info $(SPACER)$(shell printf $(TITLE)"Downloading IBM MQ Advanced for Developers "$(MQ_VERSION)$(END))) - mkdir -p downloads - cd downloads; curl -LO https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/$(MQ_ARCHIVE_DEV) - -downloads/$(MQ_SDK_ARCHIVE): - $(info $(SPACER)$(shell printf $(TITLE)"Downloading IBM MQ Advanced redistributable client "$(MQ_VERSION)$(END))) - mkdir -p downloads - cd downloads; curl -LO https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqdev/redist/$(MQ_SDK_ARCHIVE) - -.PHONY: downloads -downloads: downloads/$(MQ_ARCHIVE_DEV) downloads/$(MQ_SDK_ARCHIVE) - -# Vendor Go dependencies for the Docker tests -test/docker/vendor: - cd test/docker && dep ensure -vendor-only - - -.PHONY: check-prereqs -check-prereqs: - $(info $(SPACER)$(shell printf $(TITLE)"Checking for prereqs"$(END))) - which buildah || (echo "Missing required program buildah" && exit 1) - which podman || (echo "Missing required program podman" && exit 1) - yum list | grep yum-utils || (echo "Missing required package yum-utils" && exit 1) - -.PHONY: check-test-prereqs -check-test-prereqs: - $(info $(SPACER)$(shell printf $(TITLE)"Checking for prereqs"$(END))) - which buildah || (echo "Missing required program buildah" && exit 1) - which docker || (echo "Missing required program docker" && exit 1) - -.PHONY: test-advancedserver -test-advancedserver: check-test-prereqs test/docker/vendor - $(info $(SPACER)$(shell printf $(TITLE)"Test $(MQ_IMAGE_ADVANCEDSERVER) on $(shell docker --version)"$(END))) - sudo buildah push $(MQ_IMAGE_ADVANCEDSERVER) docker-daemon:$(MQ_IMAGE_ADVANCEDSERVER) - docker tag docker.io/$(MQ_IMAGE_ADVANCEDSERVER) $(MQ_IMAGE_ADVANCEDSERVER) - cd test/docker && TEST_IMAGE=$(MQ_IMAGE_ADVANCEDSERVER) EXPECTED_LICENSE=Production go test $(TEST_OPTS_DOCKER) - - -.PHONY: test-devserver -test-devserver: check-test-prereqs test/docker/vendor - $(info $(SPACER)$(shell printf $(TITLE)"Test $(MQ_IMAGE_DEVSERVER) on $(shell docker --version)"$(END))) - sudo buildah push $(MQ_IMAGE_DEVSERVER) docker-daemon:$(MQ_IMAGE_DEVSERVER) - docker tag docker.io/$(MQ_IMAGE_DEVSERVER) $(MQ_IMAGE_DEVSERVER) - cd test/docker && TEST_IMAGE=$(MQ_IMAGE_DEVSERVER) EXPECTED_LICENSE=Developer DEV_JMS_IMAGE=$(DEV_JMS_IMAGE) go test -tags mqdev $(TEST_OPTS_DOCKER) - - -.PHONY: build-advancedserver -build-advancedserver: check-prereqs downloads/$(MQ_ARCHIVE) build-go-programs - $(info $(SPACER)$(shell printf $(TITLE)"Build $(MQ_IMAGE_ADVANCEDSERVER)"$(END))) - sudo mq-advanced-server-rhel/mq-buildah.sh "$(MQ_ARCHIVE)" "$(MQ_PACKAGES)" "$(MQ_IMAGE_ADVANCEDSERVER)" "$(MQ_VERSION)" "$(MQDEV)" - - -.PHONY: build-devserver -build-devserver: MQDEV=TRUE -build-devserver: MQ_PACKAGES=MQSeriesRuntime-*.rpm MQSeriesServer-*.rpm MQSeriesJava*.rpm MQSeriesJRE*.rpm MQSeriesGSKit*.rpm MQSeriesMsg*.rpm MQSeriesSamples*.rpm MQSeriesAMS-*.rpm MQSeriesWeb-*.rpm -build-devserver: check-prereqs downloads/$(MQ_ARCHIVE_DEV) build-go-programs - $(info $(SPACER)$(shell printf $(TITLE)"Build $(MQ_IMAGE_DEVSERVER)"$(END))) - sudo mq-advanced-server-rhel/mq-buildah.sh "$(MQ_ARCHIVE_DEV)" "$(MQ_PACKAGES)" "$(MQ_IMAGE_DEVSERVER_BASE)" "$(MQ_VERSION)" "$(MQDEV)" - sudo mq-advanced-server-rhel/mqdev-buildah.sh "$(MQ_IMAGE_DEVSERVER_BASE)" "$(MQ_IMAGE_DEVSERVER)" "$(MQ_VERSION)" - - -.PHONY: build-mqgolang-sdk -build-mqgolang-sdk: check-prereqs downloads/$(MQ_SDK_ARCHIVE) - $(info $(SPACER)$(shell printf $(TITLE)"Build mq-golang SDK"$(END))) - sudo mq-advanced-server-rhel/mq-golang-sdk-buildah.sh "$(MQ_SDK_ARCHIVE)" "$(MQ_IMAGE_GOLANG_SDK)" - -.PHONY: build-go-programs -build-go-programs: check-prereqs downloads/$(MQ_SDK_ARCHIVE) build-mqgolang-sdk - $(info $(SPACER)$(shell printf $(TITLE)"Build go programs"$(END))) - IMAGE_REVISION=$(IMAGE_REVISION) IMAGE_SOURCE=$(IMAGE_SOURCE) sudo --preserve-env mq-advanced-server-rhel/go-buildah.sh "$(MQ_IMAGE_GOLANG_SDK)" "$(MQDEV)" - -.PHONY: build-devjmstest -build-devjmstest: check-test-prereqs - $(info $(SPACER)$(shell printf $(TITLE)"Build JMS tests for developer config"$(END))) - cd test/messaging && sudo ./buildah.sh $(DEV_JMS_IMAGE) - sudo buildah push $(DEV_JMS_IMAGE) docker-daemon:$(DEV_JMS_IMAGE) - docker tag docker.io/$(DEV_JMS_IMAGE) $(DEV_JMS_IMAGE) - -.PHONY: debug-vars -debug-vars: - @echo MQ_VERSION=$(MQ_VERSION) - @echo MQ_VERSION_VRM=$(MQ_VERSION_VRM) - @echo MQ_ARCHIVE=$(MQ_ARCHIVE) - @echo MQ_SDK_ARCHIVE=$(MQ_SDK_ARCHIVE) - @echo MQ_IMAGE_GOLANG_SDK=$(MQ_IMAGE_GOLANG_SDK) - @echo MQ_IMAGE_DEVSERVER_BASE=$(MQ_IMAGE_DEVSERVER_BASE) - @echo MQ_IMAGE_DEVSERVER=$(MQ_IMAGE_DEVSERVER) - @echo MQ_IMAGE_ADVANCEDSERVER=$(MQ_IMAGE_ADVANCEDSERVER) - -include formatting.mk diff --git a/Makefile-UBUNTU b/Makefile-UBUNTU deleted file mode 100644 index 0a25a2d..0000000 --- a/Makefile-UBUNTU +++ /dev/null @@ -1,289 +0,0 @@ -# © Copyright IBM Corporation 2017, 2019 -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -############################################################################### -# Conditional variables - you can override the values of these variables from -# the command line -############################################################################### -# BASE_IMAGE is the base image to use for MQ, for example "ubuntu" or "rhel" -BASE_IMAGE ?= ubuntu:16.04 -# MQ_VERSION is the fully qualified MQ version number to build -MQ_VERSION ?= 9.1.2.0 -# MQ_ARCHIVE is the name of the file, under the downloads directory, from which MQ Advanced can -# be installed. The default value is derived from MQ_VERSION, BASE_IMAGE and architecture -# Does not apply to MQ Advanced for Developers. -MQ_ARCHIVE ?= IBM_MQ_$(MQ_VERSION_VRM)_$(MQ_ARCHIVE_TYPE)_$(MQ_ARCHIVE_ARCH).tar.gz -# MQ_ARCHIVE_DEV is the name of the file, under the downloads directory, from which MQ Advanced -# for Developers can be installed -MQ_ARCHIVE_DEV ?= $(MQ_ARCHIVE_DEV_$(MQ_VERSION)) -# MQ_SDK_ARCHIVE specifies the archive to use for building the golang programs. Defaults vary on developer or advanced. -MQ_SDK_ARCHIVE ?= $(MQ_ARCHIVE_DEV_$(MQ_VERSION)) -# Options to `go test` for the Docker tests -TEST_OPTS_DOCKER ?= -# MQ_IMAGE_ADVANCEDSERVER is the name and tag of the built MQ Advanced image -MQ_IMAGE_ADVANCEDSERVER ?=mqadvanced-server:$(MQ_VERSION)-$(ARCH)-$(BASE_IMAGE_TAG) -# MQ_IMAGE_DEVSERVER is the name and tag of the built MQ Advanced for Developers image -MQ_IMAGE_DEVSERVER ?=mqadvanced-server-dev:$(MQ_VERSION)-$(ARCH)-$(BASE_IMAGE_TAG) -# MQ_IMAGE_SDK is the name and tag of the built MQ Advanced for Developers SDK image -MQ_IMAGE_SDK ?=mq-sdk:$(MQ_VERSION)-$(ARCH)-$(BASE_IMAGE_TAG) -# MQ_IMAGE_GOLANG_SDK is the name and tag of the built MQ Advanced for Developers SDK image, plus Go tools -MQ_IMAGE_GOLANG_SDK ?=mq-golang-sdk:$(MQ_VERSION)-$(ARCH)-$(BASE_IMAGE_TAG) -# DOCKER is the Docker command to run -DOCKER ?= docker -# MQ_PACKAGES specifies the MQ packages (.deb or .rpm) to install. Defaults vary on base image. -MQ_PACKAGES ?= - -############################################################################### -# Other variables -############################################################################### -# ARCH is the platform architecture (e.g. x86_64, ppc64le or s390x) -ARCH = $(shell uname -m) -# BUILD_SERVER_CONTAINER is the name of the web server container used at build time -BUILD_SERVER_CONTAINER=build-server -# NUM_CPU is the number of CPUs available to Docker. Used to control how many -# test run in parallel -NUM_CPU = $(or $(shell docker info --format "{{ .NCPU }}"),2) -# BASE_IMAGE_TAG is a normalized version of BASE_IMAGE, suitable for use in a Docker tag -BASE_IMAGE_TAG=$(subst /,-,$(subst :,-,$(BASE_IMAGE))) -MQ_IMAGE_DEVSERVER_BASE=mqadvanced-server-dev-base:$(MQ_VERSION)-$(ARCH)-$(BASE_IMAGE_TAG) -# Docker image name to use for JMS tests -DEV_JMS_IMAGE=mq-dev-jms-test -# Variables for versioning -IMAGE_REVISION=$(shell git rev-parse HEAD) -IMAGE_SOURCE=$(shell git config --get remote.origin.url) -EMPTY:= -SPACE:= $(EMPTY) $(EMPTY) -# MQ_VERSION_VRM is MQ_VERSION with only the Version, Release and Modifier fields (no Fix field). e.g. 9.1.2 instead of 9.1.2.0 -MQ_VERSION_VRM=$(subst $(SPACE),.,$(wordlist 1,3,$(subst .,$(SPACE),$(MQ_VERSION)))) - -ifneq (,$(findstring Microsoft,$(shell uname -r))) - DOWNLOADS_DIR=$(patsubst /mnt/c%,C:%,$(realpath ./downloads/)) -else - DOWNLOADS_DIR=$(realpath ./downloads/) -endif - -# Try to figure out which archive to use from the BASE_IMAGE -ifeq "$(findstring ubuntu,$(BASE_IMAGE))" "ubuntu" - MQ_ARCHIVE_TYPE=UBUNTU - MQ_ARCHIVE_DEV_PLATFORM=ubuntu - MQM_UID=999 -else - MQ_ARCHIVE_TYPE=LINUX - MQ_ARCHIVE_DEV_PLATFORM=linux - MQM_UID=888 -endif -# Try to figure out which archive to use from the architecture -ifeq "$(ARCH)" "x86_64" - MQ_ARCHIVE_ARCH=X86-64 - MQ_DEV_ARCH=x86-64 -else ifeq "$(ARCH)" "ppc64le" - MQ_ARCHIVE_ARCH=LE_POWER - MQ_DEV_ARCH=ppcle -else ifeq "$(ARCH)" "s390x" - MQ_ARCHIVE_ARCH=SYSTEM_Z - MQ_DEV_ARCH=s390x -endif -# Archive names for IBM MQ Advanced for Developers -MQ_ARCHIVE_DEV_9.1.0.0=mqadv_dev910_$(MQ_ARCHIVE_DEV_PLATFORM)_$(MQ_DEV_ARCH).tar.gz -MQ_ARCHIVE_DEV_9.1.1.0=mqadv_dev911_$(MQ_ARCHIVE_DEV_PLATFORM)_$(MQ_DEV_ARCH).tar.gz -MQ_ARCHIVE_DEV_9.1.2.0=mqadv_dev912_$(MQ_ARCHIVE_DEV_PLATFORM)_$(MQ_DEV_ARCH).tar.gz - -############################################################################### -# Build targets -############################################################################### -.PHONY: vars -vars: -#ifeq "$(findstring ubuntu,$(BASE_IMAGE))","ubuntu" - @echo $(MQ_ARCHIVE_ARCH) - @echo $(MQ_ARCHIVE_TYPE) - @echo $(MQ_ARCHIVE) - -.PHONY: default -default: build-devserver test - -# Build all components (except incubating ones) -.PHONY: all -all: build-devserver build-advancedserver - -.PHONY: test-all -test-all: build-devjmstest test-devserver test-advancedserver - -.PHONY: devserver -devserver: build-devserver build-devjmstest test-devserver - -# Build incubating components -.PHONY: incubating -incubating: build-explorer - -downloads/$(MQ_ARCHIVE_DEV): - $(info $(SPACER)$(shell printf $(TITLE)"Downloading IBM MQ Advanced for Developers "$(MQ_VERSION)$(END))) - mkdir -p downloads - cd downloads; curl -LO https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/$(MQ_ARCHIVE_DEV) - -downloads/$(MQ_SDK_ARCHIVE): - $(info $(SPACER)$(shell printf $(TITLE)"Downloading IBM MQ Advanced for Developers "$(MQ_VERSION)$(END))) - mkdir -p downloads - cd downloads; curl -LO https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/$(MQ_SDK_ARCHIVE) - -.PHONY: downloads -downloads: downloads/$(MQ_ARCHIVE_DEV) downloads/$(MQ_SDK_ARCHIVE) - -# Vendor Go dependencies for the Docker tests -test/docker/vendor: - cd test/docker && dep ensure -vendor-only - -# Shortcut to just run the unit tests -.PHONY: test-unit -test-unit: - docker build --target builder --file Dockerfile-server . - -.PHONY: test-advancedserver -test-advancedserver: test/docker/vendor - $(info $(SPACER)$(shell printf $(TITLE)"Test $(MQ_IMAGE_ADVANCEDSERVER) on $(shell docker --version)"$(END))) - docker inspect $(MQ_IMAGE_ADVANCEDSERVER) - cd test/docker && TEST_IMAGE=$(MQ_IMAGE_ADVANCEDSERVER) EXPECTED_LICENSE=Production go test -parallel $(NUM_CPU) $(TEST_OPTS_DOCKER) - -.PHONY: build-devjmstest -build-devjmstest: - $(info $(SPACER)$(shell printf $(TITLE)"Build JMS tests for developer config"$(END))) - cd test/messaging && docker build --tag $(DEV_JMS_IMAGE) . - -.PHONY: test-devserver -test-devserver: test/docker/vendor - $(info $(SPACER)$(shell printf $(TITLE)"Test $(MQ_IMAGE_DEVSERVER) on $(shell docker --version)"$(END))) - docker inspect $(MQ_IMAGE_DEVSERVER) - cd test/docker && TEST_IMAGE=$(MQ_IMAGE_DEVSERVER) EXPECTED_LICENSE=Developer DEV_JMS_IMAGE=$(DEV_JMS_IMAGE) IBMJRE=true go test -parallel $(NUM_CPU) -tags mqdev $(TEST_OPTS_DOCKER) - -coverage: - mkdir coverage - -.PHONY: test-advancedserver-cover -test-advancedserver-cover: test/docker/vendor coverage - $(info $(SPACER)$(shell printf $(TITLE)"Test $(MQ_IMAGE_ADVANCEDSERVER) with code coverage on $(shell docker --version)"$(END))) - rm -f ./coverage/unit*.cov - # Run unit tests with coverage, for each package under 'internal' - go list -f '{{.Name}}' ./internal/... | xargs -I {} go test -cover -covermode count -coverprofile ./coverage/unit-{}.cov ./internal/{} -# ls -1 ./cmd | xargs -I {} go test -cover -covermode count -coverprofile ./coverage/unit-{}.cov ./cmd/{}/... - echo 'mode: count' > ./coverage/unit.cov - tail -q -n +2 ./coverage/unit-*.cov >> ./coverage/unit.cov - go tool cover -html=./coverage/unit.cov -o ./coverage/unit.html - - rm -f ./test/docker/coverage/*.cov - rm -f ./coverage/docker.* - mkdir -p ./test/docker/coverage/ - cd test/docker && TEST_IMAGE=$(MQ_IMAGE_ADVANCEDSERVER)-cover TEST_COVER=true go test $(TEST_OPTS_DOCKER) - echo 'mode: count' > ./coverage/docker.cov - tail -q -n +2 ./test/docker/coverage/*.cov >> ./coverage/docker.cov - go tool cover -html=./coverage/docker.cov -o ./coverage/docker.html - - echo 'mode: count' > ./coverage/combined.cov - tail -q -n +2 ./coverage/unit.cov ./coverage/docker.cov >> ./coverage/combined.cov - go tool cover -html=./coverage/combined.cov -o ./coverage/combined.html - -define docker-build-mq - # Create a temporary network to use for the build - $(DOCKER) network create build - # Start a web server to host the MQ downloadable (tar.gz) file - $(DOCKER) run \ - --rm \ - --name $(BUILD_SERVER_CONTAINER) \ - --network build \ - --network-alias build \ - --volume $(DOWNLOADS_DIR):/usr/share/nginx/html:ro \ - --detach \ - nginx:alpine - # Build the new image - $(DOCKER) build \ - --tag $1 \ - --file $2 \ - --network build \ - --build-arg MQ_URL=http://build:80/$3 \ - --build-arg BASE_IMAGE=$(BASE_IMAGE) \ - --build-arg BUILDER_IMAGE=$(MQ_IMAGE_GOLANG_SDK) \ - --build-arg IMAGE_REVISION="$(IMAGE_REVISION)" \ - --build-arg IMAGE_SOURCE="$(IMAGE_SOURCE)" \ - --build-arg IMAGE_TAG="$1" \ - --build-arg MQM_UID=$(MQM_UID) \ - --label IBM_PRODUCT_ID=$4 \ - --label IBM_PRODUCT_NAME=$5 \ - --label IBM_PRODUCT_VERSION=$6 \ - --build-arg MQ_PACKAGES="$(MQ_PACKAGES)" \ - . ; $(DOCKER) kill $(BUILD_SERVER_CONTAINER) && $(DOCKER) network rm build -endef - -DOCKER_SERVER_VERSION=$(shell docker version --format "{{ .Server.Version }}") -DOCKER_CLIENT_VERSION=$(shell docker version --format "{{ .Client.Version }}") -.PHONY: docker-version -docker-version: - @test "$(word 1,$(subst ., ,$(DOCKER_CLIENT_VERSION)))" -ge "17" || ("$(word 1,$(subst ., ,$(DOCKER_CLIENT_VERSION)))" -eq "17" && "$(word 2,$(subst ., ,$(DOCKER_CLIENT_VERSION)))" -ge "05") || (echo "Error: Docker client 17.05 or greater is required" && exit 1) - @test "$(word 1,$(subst ., ,$(DOCKER_SERVER_VERSION)))" -ge "17" || ("$(word 1,$(subst ., ,$(DOCKER_SERVER_VERSION)))" -eq "17" && "$(word 2,$(subst ., ,$(DOCKER_CLIENT_VERSION)))" -ge "05") || (echo "Error: Docker server 17.05 or greater is required" && exit 1) - -.PHONY: build-advancedserver -build-advancedserver: MQ_SDK_ARCHIVE=$(MQ_ARCHIVE) -build-advancedserver: downloads/$(MQ_ARCHIVE) docker-version build-golang-sdk-ex - $(info $(SPACER)$(shell printf $(TITLE)"Build $(MQ_IMAGE_ADVANCEDSERVER)"$(END))) - $(call docker-build-mq,$(MQ_IMAGE_ADVANCEDSERVER),Dockerfile-server,$(MQ_ARCHIVE),"4486e8c4cc9146fd9b3ce1f14a2dfc5b","IBM MQ Advanced",$(MQ_VERSION)) - -.PHONY: build-devserver -# Target-specific variable to add web server into devserver image -ifeq "$(findstring ubuntu,$(BASE_IMAGE))" "ubuntu" -build-devserver: MQ_PACKAGES=ibmmq-server ibmmq-java ibmmq-jre ibmmq-gskit ibmmq-msg-.* ibmmq-samples ibmmq-ams ibmmq-web -else -build-devserver: MQ_PACKAGES=MQSeriesRuntime-*.rpm MQSeriesServer-*.rpm MQSeriesJava*.rpm MQSeriesJRE*.rpm MQSeriesGSKit*.rpm MQSeriesMsg*.rpm MQSeriesSamples*.rpm MQSeriesAMS-*.rpm MQSeriesWeb-*.rpm -endif -build-devserver: MQ_SDK_ARCHIVE=$(MQ_ARCHIVE_DEV) -build-devserver: downloads/$(MQ_ARCHIVE_DEV) docker-version build-golang-sdk-ex - $(info $(shell printf $(TITLE)"Build $(MQ_IMAGE_DEVSERVER_BASE)"$(END))) - $(call docker-build-mq,$(MQ_IMAGE_DEVSERVER_BASE),Dockerfile-server,$(MQ_ARCHIVE_DEV),"98102d16795c4263ad9ca075190a2d4d","IBM MQ Advanced for Developers (Non-Warranted)",$(MQ_VERSION)) - $(DOCKER) build --tag $(MQ_IMAGE_DEVSERVER) --build-arg IMAGE_SOURCE="$(IMAGE_SOURCE)" --build-arg IMAGE_REVISION="$(IMAGE_REVISION)" --build-arg IMAGE_TAG="$(MQ_IMAGE_DEVSERVER)" --build-arg BASE_IMAGE=$(MQ_IMAGE_DEVSERVER_BASE) --build-arg BUILDER_IMAGE=$(MQ_IMAGE_GOLANG_SDK) --build-arg MQM_UID=$(MQM_UID) --file incubating/mqadvanced-server-dev/Dockerfile . - -.PHONY: build-advancedserver-cover -build-advancedserver-cover: docker-version - $(DOCKER) build --build-arg BASE_IMAGE=$(MQ_IMAGE_ADVANCEDSERVER) -t $(MQ_IMAGE_ADVANCEDSERVER)-cover -f Dockerfile-server.cover . - -.PHONY: build-explorer -ifeq "$(findstring ubuntu,$(BASE_IMAGE))" "ubuntu" -build-explorer: MQ_PACKAGES=ibmmq-explorer -else -build-explorer: MQ_PACKAGES=MQSeriesRuntime*.rpm MQSeriesJRE*.rpm MQSeriesExplorer*.rpm -endif -build-explorer: downloads/$(MQ_ARCHIVE_DEV) docker-pull - $(call docker-build-mq,mq-explorer:latest-$(ARCH),incubating/mq-explorer/Dockerfile,$(MQ_ARCHIVE_DEV),"98102d16795c4263ad9ca075190a2d4d","IBM MQ Advanced for Developers (Non-Warranted)",$(MQ_VERSION)) - -.PHONY: build-sdk -build-sdk: downloads/$(MQ_SDK_ARCHIVE) build-sdk-ex - -.PHONY: build-sdk-ex -ifeq "$(findstring ubuntu,$(BASE_IMAGE))" "ubuntu" -build-sdk-ex: MQ_PACKAGES=ibmmq-sdk ibmmq-samples build-essential -else -build-sdk-ex: MQ_PACKAGES=MQSeriesRuntime-*.rpm MQSeriesSDK-*.rpm MQSeriesSamples*.rpm -endif -build-sdk-ex: docker-version docker-pull - $(info $(shell printf $(TITLE)"Build $(MQ_IMAGE_SDK)"$(END))) - $(call docker-build-mq,$(MQ_IMAGE_SDK),incubating/mq-sdk/Dockerfile,$(MQ_SDK_ARCHIVE),"98102d16795c4263ad9ca075190a2d4d","IBM MQ Advanced for Developers SDK (Non-Warranted)",$(MQ_VERSION)) - -.PHONY: build-golang-sdk -build-golang-sdk: downloads/$(MQ_SDK_ARCHIVE) build-golang-sdk-ex - -.PHONY: build-golang-sdk-ex -build-golang-sdk-ex: docker-version build-sdk-ex - $(info $(shell printf $(TITLE)"Build $(MQ_IMAGE_GOLANG_SDK)"$(END))) - $(DOCKER) build --build-arg BASE_IMAGE=$(MQ_IMAGE_SDK) -t $(MQ_IMAGE_GOLANG_SDK) -f incubating/mq-golang-sdk/Dockerfile . - -.PHONY: docker-pull -docker-pull: - $(DOCKER) pull $(BASE_IMAGE) - -include formatting.mk diff --git a/cmd/runmqserver/post_init_dev.go b/cmd/runmqserver/post_init.go similarity index 74% rename from cmd/runmqserver/post_init_dev.go rename to cmd/runmqserver/post_init.go index 861c566..17854ff 100644 --- a/cmd/runmqserver/post_init_dev.go +++ b/cmd/runmqserver/post_init.go @@ -1,7 +1,5 @@ -// +build mqdev - /* -© Copyright IBM Corporation 2018 +© Copyright IBM Corporation 2018, 2019 Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -22,18 +20,16 @@ import ( ) // postInit is run after /var/mqm is set up -// This version of postInit is only included as part of the MQ Advanced for Developers build func postInit(name string) error { - disable := os.Getenv("MQ_DISABLE_WEB_CONSOLE") - if disable != "true" && disable != "1" { + web := os.Getenv("MQ_BETA_ENABLE_WEB_SERVER") + if web == "true" || web == "1" { // Configure the web server (if installed) err := configureWebServer() if err != nil { return err } // Start the web server, in the background (if installed) - // WARNING: No error handling or health checking available for the web server, - // which is why it's limited to use with MQ Advanced for Developers only + // WARNING: No error handling or health checking available for the web server go func() { startWebServer() }() diff --git a/cmd/runmqserver/post_init_other.go b/cmd/runmqserver/post_init_other.go deleted file mode 100644 index 71f3458..0000000 --- a/cmd/runmqserver/post_init_other.go +++ /dev/null @@ -1,22 +0,0 @@ -// +build !mqdev - -/* -© Copyright IBM Corporation 2018 - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - -http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -package main - -func postInit(name string) error { - return nil -} diff --git a/cmd/runmqserver/webserver.go b/cmd/runmqserver/webserver.go index dae2bd6..c42849a 100644 --- a/cmd/runmqserver/webserver.go +++ b/cmd/runmqserver/webserver.go @@ -1,5 +1,3 @@ -// +build mqdev - /* © Copyright IBM Corporation 2018, 2019 diff --git a/docs/building.md b/docs/building.md index 96bec9f..b2346e7 100644 --- a/docs/building.md +++ b/docs/building.md @@ -2,40 +2,22 @@ ## Prerequisites -### Prerequisites for building an Ubuntu image -If you want to build a container image with Ubuntu Linux as the base OS, then you need to have the following tools installed: +You need to have the following tools installed: * [Docker](https://www.docker.com/) V17.06.1 or later * [GNU make](https://www.gnu.org/software/make/) If you are working in the Windows Subsystem for Linux, follow [this guide by Microsoft to set up Docker](https://blogs.msdn.microsoft.com/commandline/2017/12/08/cross-post-wsl-interoperability-with-docker/) first. -### Prerequisites for building a Red Hat Enterprise Linux image -If you want to build a container image with Red Hat Enterprise Linux as the base OS, then you need to use a host server with Red Hat Enterprise Linux. You must also have the following tools installed: - -* [`buildah`](https://buildah.io) (available in `rhel-7-server-extras`) -* [`podman`](https://podman.io) (available in `rhel-7-server-extras`) - -In addition, you need the following commonly installed tools: - -* `bash` -* `coreutils` -* `findutils` -* `make` -* `sed` -* `shadow-utils` -* `tar` - ## Building a production image + This procedure works for building the MQ Continuous Delivery release, on `x86_64`, `ppc64le` and `s390x` architectures. 1. Create a `downloads` directory in the root of this repository -2. Download MQ from [IBM Passport Advantage](https://www.ibm.com/software/passportadvantage/) or [IBM Fix Central](https://www.ibm.com/support/fixcentral), and place the downloaded file (for example, `IBM_MQ_9.1.1_UBUNTU_X86-64.tar.gz` for MQ V9.1.1 for Ubuntu on x86_64 architecture) in the `downloads` directory +2. Download MQ from [IBM Passport Advantage](https://www.ibm.com/software/passportadvantage/) or [IBM Fix Central](https://www.ibm.com/support/fixcentral), and place the downloaded file (for example, `IBM_MQ_9.1.2_UBUNTU_X86-64.tar.gz`) in the `downloads` directory 3. Run `make build-advancedserver` -> **Warning**: Note that MQ offers two different sets of packaging on Linux: one is called "MQ for Linux" and contains RPM files for installing on Red Hat Enterprise Linux and SUSE Linux Enterprise Server. The other package is called "MQ for Ubuntu", and contains DEB files for installing on Ubuntu. - -On a Red Hat Enterprise Linux host, the command `make build-advancedserver` will build a container image using Red Hat Enterprise Linux as the base. On all other hosts, the base image will be Ubuntu. +> **Warning**: Note that MQ offers two different sets of packaging on Linux: one is called "MQ for Linux" and contains RPM files for installing on Red Hat Enterprise Linux and SUSE Linux Enterprise Server. The MQ container build uses a Red Hat Universal Base Image, so you need the "MQ for Linux" RPM files. You can build a different version of MQ by setting the `MQ_VERSION` environment variable, for example: @@ -50,10 +32,10 @@ MQ_ARCHIVE=mq-1.2.3.4.tar.gz MQ_VERSION=1.2.3.4 make build-advancedserver ``` ## Building a developer image -Run `make build-devserver`, which will download the latest version of MQ Advanced for Developers from IBM developerWorks. This is currently only available on the `x86_64` architecture. On a Red Hat Enterprise Linux host, this command will build a container image using Red Hat Enterprise Linux as the base. On all other hosts, the base image will be Ubuntu. +Run `make build-devserver`, which will download the latest version of MQ Advanced for Developers from IBM developerWorks. This is currently only available on the `x86_64` architecture. You can use the environment variable `MQ_ARCHIVE_DEV` to specify an alternative local file to install from (which must be in the `downloads` directory). ## Installed components -This image includes the core MQ server, Java, language packs, and GSKit. This can be configured by setting the `MQ_PACKAGES` argument to `make`. For the Ubuntu-based image, you can also directly set a [Docker build argument](https://docs.docker.com/engine/reference/commandline/build/#set-build-time-variables-build-arg). +This image includes the core MQ server, Java, language packs, GSKit, and web server. This can be configured by setting the `MQ_PACKAGES` argument to `make`. \ No newline at end of file diff --git a/docs/developer-config.md b/docs/developer-config.md index 54c8b22..4e094f7 100644 --- a/docs/developer-config.md +++ b/docs/developer-config.md @@ -52,4 +52,4 @@ If you choose to accept the security warning, you will be presented with the log If you wish to change the password for the admin user, this can be done using the `MQ_ADMIN_PASSWORD` environment variable. If you supply a PKCS#12 keystore using the `MQ_TLS_KEYSTORE` environment variable, then the web console will be configured to use the certificate inside the keystore for HTTPS operations. -If you do not wish the web console to run, you can disable it by setting the environment variable `MQ_DISABLE_WEB_CONSOLE` to `true`. +If you do not wish the web console to run, you can disable it by setting the environment variable `MQ_BETA_ENABLE_WEB_SERVER` to `false`. diff --git a/docs/internals.md b/docs/internals.md index f98f7e6..3327b28 100644 --- a/docs/internals.md +++ b/docs/internals.md @@ -24,6 +24,7 @@ The `runmqserver` command has the following responsibilities: - Works as PID 1, so is responsible for [reaping zombie processes](https://blog.phusion.nl/2015/01/20/docker-and-the-pid-1-zombie-reaping-problem/) * Creating and starting a queue manager * Configuring the queue manager, by running any MQSC scripts found under `/etc/mqm` +* Starts the MQ web server (if enabled) * Starting Prometheus metrics generation for the queue manager (if enabled) * Indicates to the `chkmqready` command that configuration is complete, and that normal readiness checking can happen. This is done by writing a file into `/run/runmqserver` @@ -36,8 +37,6 @@ The `runmqdevserver` command is added to the MQ Advanced for Developers image on 2. Generates MQSC files to put in `/etc/mqm`, based on a template, which is updated with values based on supplied environment variables. 3. If requested, it creates TLS key stores under `/run/runmqdevserver`, and configures MQ and the web server to use them -A special version of `runmqserver` is used in the developer image, which performs extra actions like starting the web server. This is built using the `mqdev` [build constraint](https://golang.org/pkg/go/build/#hdr-Build_Constraints). - ## Prometheus metrics [Prometheus](https://prometheus.io) metrics are generated for the queue manager as follows: diff --git a/docs/security.md b/docs/security.md index de66ea0..2a79629 100644 --- a/docs/security.md +++ b/docs/security.md @@ -4,7 +4,7 @@ ### User -The MQ server image is run using the "mqm" user. On the Ubuntu-based image, this uses the UID and GID of 999. On the Red Hat Enterprise Linux image, it uses the UID and GID of 888. +The MQ server image is run using the "mqm" user, with a fixed UID and GID of 888. ### Capabilities diff --git a/docs/testing.md b/docs/testing.md index 94aa0cc..447b042 100644 --- a/docs/testing.md +++ b/docs/testing.md @@ -6,13 +6,6 @@ You need to ensure you have the following tools installed: * [GNU make](https://www.gnu.org/software/make/) * [Go](https://golang.org/) - only needed for running the tests * [dep](https://github.com/golang/dep) (official Go dependency management tool) - needed to prepare for running the tests -* [Helm](https://helm.sh) - only needed for running the Kubernetes tests - -### Prerequisites for testing a RedHat image -If you want to test a container image with Red Hat Enterprise Linux as the base OS, then you need to use a host server with Red Hat Enterprise Linux. You must also have the following tools installed: - -* [Yum](http://yum.baseurl.org/) (available in `rhel-7-server-extras`) -* [Buildah](https://buildah.io) (available in `rhel-7-server-extras`) ## Running the tests There are two main sets of tests: diff --git a/incubating/mqadvanced-server-dev/Dockerfile b/incubating/mqadvanced-server-dev/Dockerfile deleted file mode 100644 index 7d077b7..0000000 --- a/incubating/mqadvanced-server-dev/Dockerfile +++ /dev/null @@ -1,86 +0,0 @@ -# © Copyright IBM Corporation 2015, 2019 -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -ARG BASE_IMAGE=mqadvanced-server-dev-base:9.1.2.0-x86_64-ubuntu-16.04 -ARG BUILDER_IMAGE=mq-golang-sdk:9.1.2.0-x86_64-ubuntu-16.04 - -############################################################################### -# Build stage to build Go code -############################################################################### -FROM $BUILDER_IMAGE as builder -ARG IMAGE_REVISION="Not specified" -ARG IMAGE_SOURCE="Not specified" -ARG IMAGE_TAG="Not specified" -WORKDIR /go/src/github.com/ibm-messaging/mq-container/ -COPY cmd/ ./cmd -COPY internal/ ./internal -COPY vendor/ ./vendor -# Re-build runmqserver, with code tagged with 'mqdev' enabled -RUN go build -ldflags "-X \"main.ImageCreated=$(date --iso-8601=seconds)\" -X \"main.ImageRevision=$IMAGE_REVISION\" -X \"main.ImageSource=$IMAGE_SOURCE\" -X \"main.ImageTag=$IMAGE_TAG\"" --tags 'mqdev' ./cmd/runmqserver -RUN go build ./cmd/runmqdevserver/ -# Run all unit tests -RUN go test -v ./cmd/runmqdevserver/... - -############################################################################### -# Main build stage -############################################################################### -FROM $BASE_IMAGE - -# Enable MQ developer default configuration -ENV MQ_DEV=true - -# Default administrator password -ENV MQ_ADMIN_PASSWORD=passw0rd - -ARG MQM_UID=999 - -USER root - -COPY incubating/mqadvanced-server-dev/install-extra-packages.sh /usr/local/bin/ - -RUN chmod u+x /usr/local/bin/install-extra-packages.sh \ - && sleep 1 \ - && install-extra-packages.sh - -# WARNING: This is what allows the mqm user to change the password of any other user -# It's used by runmqdevserver to change the admin/app passwords. -RUN echo "mqm ALL = NOPASSWD: /usr/sbin/chpasswd" > /etc/sudoers.d/mq-dev-config - -## Add admin and app users, and set a default password for admin -RUN useradd admin -G mqm \ - && groupadd mqclient \ - && useradd app -G mqclient \ - && echo admin:$MQ_ADMIN_PASSWORD | chpasswd - -# Create a directory for runtime data from runmqserver -RUN mkdir -p /run/runmqdevserver \ - && chown mqm:mqm /run/runmqdevserver - -COPY --from=builder /go/src/github.com/ibm-messaging/mq-container/runmqserver /usr/local/bin/ -COPY --from=builder /go/src/github.com/ibm-messaging/mq-container/runmqdevserver /usr/local/bin/ - -# Copy template files -COPY incubating/mqadvanced-server-dev/*.tpl /etc/mqm/ -# Copy web XML files for default developer configuration -COPY incubating/mqadvanced-server-dev/web /etc/mqm/web - -RUN chown -R mqm:mqm /etc/mqm/* \ - && chmod +x /usr/local/bin/runmq* \ - && install --directory --mode 0775 --owner mqm --group root /run/runmqdevserver - -EXPOSE 9443 - -USER $MQM_UID - -ENTRYPOINT ["runmqdevserver"] diff --git a/incubating/mqadvanced-server-dev/entrypoint.sh b/incubating/mqadvanced-server-dev/entrypoint.sh deleted file mode 100644 index 1c3a424..0000000 --- a/incubating/mqadvanced-server-dev/entrypoint.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash - -# Change admin password -if [ -n "${MQ_ADMIN_PASSWORD}" ]; then - echo admin:${MQ_ADMIN_PASSWORD} | chpasswd -fi -# Change app password -if [ -n "${MQ_APP_PASSWORD}" ]; then - echo app:${MQ_APP_PASSWORD} | chpasswd -fi - -# Delete the MQSC with developer defaults, if requested -if [ "${MQ_DEV}" != "true" ]; then - rm -f /etc/mqm/dev.mqsc -fi - -exec runmqserver \ No newline at end of file diff --git a/incubating/mqadvanced-server-dev/install-extra-packages.sh b/incubating/mqadvanced-server-dev/install-extra-packages.sh index fd3fa8a..3702bed 100644 --- a/incubating/mqadvanced-server-dev/install-extra-packages.sh +++ b/incubating/mqadvanced-server-dev/install-extra-packages.sh @@ -15,7 +15,8 @@ # See the License for the specific language governing permissions and # limitations under the License. -test -f /usr/bin/yum && RHEL=true || RHEL=false +test -f /usr/bin/yum && YUM=true || YUM=false +test -f /usr/bin/microdnf && MICRODNF=true || MICRODNF=false test -f /usr/bin/apt-get && UBUNTU=true || UBUNTU=false if ($UBUNTU); then @@ -25,8 +26,13 @@ if ($UBUNTU); then rm -rf /var/lib/apt/lists/* fi -if ($RHEL); then +if ($YUM); then yum -y install sudo yum -y clean all rm -rf /var/cache/yum/* fi + +if ($MICRODNF); then + microdnf install --nodocs sudo + microdnf clean all +fi \ No newline at end of file diff --git a/install-mq-server-prereqs.sh b/install-mq-server-prereqs.sh new file mode 100644 index 0000000..7b54428 --- /dev/null +++ b/install-mq-server-prereqs.sh @@ -0,0 +1,87 @@ +#!/bin/bash +# -*- mode: sh -*- +# © Copyright IBM Corporation 2015, 2019 +# +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Fail on any non-zero return code +set -ex + +test -f /usr/bin/yum && YUM=true || YUM=false +test -f /usr/bin/microdnf && MICRODNF=true || MICRODNF=false +test -f /usr/bin/rpm && RPM=true || RPM=false +test -f /usr/bin/apt-get && UBUNTU=true || UBUNTU=false + +# If MQ_PACKAGES isn't specifically set, then choose a valid set of defaults +if [ -z "$MQ_PACKAGES" ]; then + $UBUNTU && MQ_PACKAGES="ibmmq-server ibmmq-java ibmmq-jre ibmmq-gskit ibmmq-msg-.* ibmmq-samples ibmmq-ams" + $RPM && MQ_PACKAGES="MQSeriesRuntime-*.rpm MQSeriesServer-*.rpm MQSeriesJava*.rpm MQSeriesJRE*.rpm MQSeriesGSKit*.rpm MQSeriesMsg*.rpm MQSeriesSamples*.rpm MQSeriesAMS-*.rpm" +fi + +if ($UBUNTU); then + export DEBIAN_FRONTEND=noninteractive + # Use a reduced set of apt repositories. + # This ensures no unsupported code gets installed, and makes the build faster + source /etc/os-release + # Figure out the correct apt URL based on the CPU architecture + CPU_ARCH=$(uname -p) + if [ ${CPU_ARCH} == "x86_64" ]; then + APT_URL="http://archive.ubuntu.com/ubuntu/" + else + APT_URL="http://ports.ubuntu.com/ubuntu-ports/" + fi + # Use a reduced set of apt repositories. + # This ensures no unsupported code gets installed, and makes the build faster + echo "deb ${APT_URL} ${UBUNTU_CODENAME} main restricted" > /etc/apt/sources.list + echo "deb ${APT_URL} ${UBUNTU_CODENAME}-updates main restricted" >> /etc/apt/sources.list + echo "deb ${APT_URL} ${UBUNTU_CODENAME}-security main restricted" >> /etc/apt/sources.list + # Install additional packages required by MQ, this install process and the runtime scripts + apt-get update + apt-get install -y --no-install-recommends \ + bash \ + bc \ + ca-certificates \ + coreutils \ + curl \ + debianutils \ + file \ + findutils \ + gawk \ + grep \ + libc-bin \ + mount \ + passwd \ + procps \ + sed \ + tar \ + util-linux +fi + +if ($RPM); then + EXTRA_RPMS="bash bc ca-certificates coreutils file findutils gawk glibc-common grep passwd procps-ng sed shadow-utils tar util-linux which" + # Install additional packages required by MQ, this install process and the runtime scripts + $YUM && yum -y install --setopt install_weak_deps=false ${EXTRA_RPMS} + $MICRODNF && microdnf install --nodocs ${EXTRA_RPMS} +fi + +# Apply any bug fixes not included in base Ubuntu or MQ image. +# Don't upgrade everything based on Docker best practices https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/#run +$UBUNTU && apt-get install -y libapparmor1 libsystemd0 systemd systemd-sysv libudev1 perl-base --only-upgrade +# End of bug fixes + +# Clean up cached files +$UBUNTU && rm -rf /var/lib/apt/lists/* +$YUM && yum -y clean all +$YUM && rm -rf /var/cache/yum/* +$MICRODNF && microdnf clean all diff --git a/install-mq.sh b/install-mq.sh index 533e7d0..901ab80 100644 --- a/install-mq.sh +++ b/install-mq.sh @@ -18,90 +18,19 @@ # Fail on any non-zero return code set -ex -mqm_uid=${1:-999} +mqm_uid=${1:-888} -test -f /usr/bin/yum && RHEL=true || RHEL=false +test -f /usr/bin/yum && YUM=true || YUM=false +test -f /usr/bin/microdnf && MICRODNF=true || MICRODNF=false +test -f /usr/bin/rpm && RPM=true || RPM=false test -f /usr/bin/apt-get && UBUNTU=true || UBUNTU=false -# If MQ_PACKAGES isn't specifically set, then choose a valid set of defaults -if [ -z "$MQ_PACKAGES" ]; then - $UBUNTU && MQ_PACKAGES="ibmmq-server ibmmq-java ibmmq-jre ibmmq-gskit ibmmq-msg-.* ibmmq-samples ibmmq-ams" - $RHEL && MQ_PACKAGES="MQSeriesRuntime-*.rpm MQSeriesServer-*.rpm MQSeriesJava*.rpm MQSeriesJRE*.rpm MQSeriesGSKit*.rpm MQSeriesMsg*.rpm MQSeriesSamples*.rpm MQSeriesAMS-*.rpm" -fi - -if ($UBUNTU); then - export DEBIAN_FRONTEND=noninteractive - # Use a reduced set of apt repositories. - # This ensures no unsupported code gets installed, and makes the build faster - source /etc/os-release - # Figure out the correct apt URL based on the CPU architecture - CPU_ARCH=$(uname -p) - if [ ${CPU_ARCH} == "x86_64" ]; then - APT_URL="http://archive.ubuntu.com/ubuntu/" - else - APT_URL="http://ports.ubuntu.com/ubuntu-ports/" - fi - # Use a reduced set of apt repositories. - # This ensures no unsupported code gets installed, and makes the build faster - echo "deb ${APT_URL} ${UBUNTU_CODENAME} main restricted" > /etc/apt/sources.list - echo "deb ${APT_URL} ${UBUNTU_CODENAME}-updates main restricted" >> /etc/apt/sources.list - echo "deb ${APT_URL} ${UBUNTU_CODENAME}-security main restricted" >> /etc/apt/sources.list - # Install additional packages required by MQ, this install process and the runtime scripts - apt-get update - apt-get install -y --no-install-recommends \ - bash \ - bc \ - ca-certificates \ - coreutils \ - curl \ - debianutils \ - file \ - findutils \ - gawk \ - grep \ - libc-bin \ - mount \ - passwd \ - procps \ - sed \ - tar \ - util-linux -fi - -# Install additional packages required by MQ, this install process and the runtime scripts -$RHEL && yum -y install \ - bash \ - bc \ - ca-certificates \ - coreutils \ - curl \ - file \ - findutils \ - gawk \ - glibc-common \ - grep \ - passwd \ - procps-ng \ - sed \ - tar \ - util-linux - # Download and extract the MQ installation files DIR_EXTRACT=/tmp/mq mkdir -p ${DIR_EXTRACT} cd ${DIR_EXTRACT} curl -LO $MQ_URL -tar -zxvf ./*.tar.gz - -# Remove packages only needed by this script -$UBUNTU && apt-get purge -y \ - ca-certificates \ - curl - -# Note: ca-certificates and curl are installed by default in RHEL - -# Remove any orphaned packages -$UBUNTU && apt-get autoremove -y +tar -zxf ./*.tar.gz # Recommended: Create the mqm user ID with a fixed UID and group, so that the file permissions work between different images groupadd --system --gid ${mqm_uid} mqm @@ -109,7 +38,7 @@ useradd --system --uid ${mqm_uid} --gid mqm --groups 0 mqm # Find directory containing .deb files $UBUNTU && DIR_DEB=$(find ${DIR_EXTRACT} -name "*.deb" -printf "%h\n" | sort -u | head -1) -$RHEL && DIR_RPM=$(find ${DIR_EXTRACT} -name "*.rpm" -printf "%h\n" | sort -u | head -1) +$RPM && DIR_RPM=$(find ${DIR_EXTRACT} -name "*.rpm" -printf "%h\n" | sort -u | head -1) # Find location of mqlicense.sh MQLICENSE=$(find ${DIR_EXTRACT} -name "mqlicense.sh") @@ -121,10 +50,11 @@ $UBUNTU && echo "deb [trusted=yes] file:${DIR_DEB} ./" > /etc/apt/sources.list.d $UBUNTU && apt-get update $UBUNTU && apt-get install -y $MQ_PACKAGES -$RHEL && cd $DIR_RPM && rpm -ivh $MQ_PACKAGES +$RPM && cd $DIR_RPM && rpm -ivh $MQ_PACKAGES # Remove 32-bit libraries from 64-bit container -find /opt/mqm /var/mqm -type f -exec file {} \; | awk -F: '/ELF 32-bit/{print $1}' | xargs --no-run-if-empty rm -f +# The "file" utility isn't installed by default in UBI, so only try this if it's installed +which file && find /opt/mqm /var/mqm -type f -exec file {} \; | awk -F: '/ELF 32-bit/{print $1}' | xargs --no-run-if-empty rm -f # Remove tar.gz files unpacked by RPM postinst scripts find /opt/mqm -name '*.tar.gz' -delete @@ -136,16 +66,6 @@ find /opt/mqm -name '*.tar.gz' -delete $UBUNTU && rm -f /etc/apt/sources.list.d/IBM_MQ.list rm -rf ${DIR_EXTRACT} -# Apply any bug fixes not included in base Ubuntu or MQ image. -# Don't upgrade everything based on Docker best practices https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/#run -$UBUNTU && apt-get install -y libapparmor1 libsystemd0 systemd systemd-sysv libudev1 perl-base --only-upgrade -# End of bug fixes - -# Clean up cached files -$UBUNTU && rm -rf /var/lib/apt/lists/* -$RHEL && yum -y clean all -$RHEL && rm -rf /var/cache/yum/* - # Optional: Update the command prompt with the MQ version $UBUNTU && echo "mq:$(dspmqver -b -f 2)" > /etc/debian_chroot @@ -172,5 +92,20 @@ sed -i 's/PASS_MAX_DAYS\t99999/PASS_MAX_DAYS\t90/' /etc/login.defs sed -i 's/PASS_MIN_DAYS\t0/PASS_MIN_DAYS\t1/' /etc/login.defs $UBUNTU && PAM_FILE=/etc/pam.d/common-password -$RHEL && PAM_FILE=/etc/pam.d/password-auth +$RPM && PAM_FILE=/etc/pam.d/password-auth sed -i 's/password\t\[success=1 default=ignore\]\tpam_unix\.so obscure sha512/password\t[success=1 default=ignore]\tpam_unix.so obscure sha512 minlen=8/' $PAM_FILE + +if ($RPM); then + install --directory --mode 0444 --owner mqm --group root /licenses + NOTICES="/licenses/installed_package_notices" + touch ${NOTICES} + chmod 0444 ${NOTICES} + set +x + for p in $(rpm -qa | sort) + do + rpm -qi $p >> ${NOTICES} + printf "\n" >> ${NOTICES} + printf "$p\n" + done + set -x +fi \ No newline at end of file diff --git a/mq-advanced-server-rhel/README.md b/mq-advanced-server-rhel/README.md index ad6e438..959ac58 100644 --- a/mq-advanced-server-rhel/README.md +++ b/mq-advanced-server-rhel/README.md @@ -1,3 +1,5 @@ # RHEL-based container build -Build scripts for building a container image based on Red Hat Enterprise Linux (RHEL), using the [`buildah`](https://github.com/containers/buildah) tool. buildah is supported on RHEL V7.5 and greater. \ No newline at end of file +Build scripts for building a container image based on Red Hat Enterprise Linux (RHEL), using the [`buildah`](https://github.com/containers/buildah) tool. buildah is supported on RHEL V7.5 and greater. + +WARNING: The code in this directory is not currently in use, pending deletion. The MQ container is now built using a Red Hat UBI image, using "podman build". diff --git a/test/docker/devconfig_test.go b/test/docker/devconfig_test.go index 68122da..66a2740 100644 --- a/test/docker/devconfig_test.go +++ b/test/docker/devconfig_test.go @@ -1,7 +1,7 @@ // +build mqdev /* -© Copyright IBM Corporation 2018 +© Copyright IBM Corporation 2018, 2019 Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -138,7 +138,7 @@ func TestDevWebDisabled(t *testing.T) { Env: []string{ "LICENSE=accept", "MQ_QMGR_NAME=qm1", - "MQ_DISABLE_WEB_CONSOLE=true", + "MQ_BETA_ENABLE_WEB_SERVER=false", }, } id := runContainer(t, cli, &containerConfig) diff --git a/test/docker/docker_api_test.go b/test/docker/docker_api_test.go index e06b91c..489e1be 100644 --- a/test/docker/docker_api_test.go +++ b/test/docker/docker_api_test.go @@ -24,7 +24,6 @@ import ( "os" "path/filepath" "regexp" - "runtime" "strconv" "strings" "testing" @@ -34,8 +33,6 @@ import ( "github.com/docker/docker/api/types/network" "github.com/docker/docker/client" "github.com/docker/go-connections/nat" - - "github.com/ibm-messaging/mq-container/internal/command" ) func TestLicenseNotSet(t *testing.T) { @@ -112,75 +109,41 @@ func goldenPath(t *testing.T, metric bool) { stopContainer(t, cli, id) } -// TestSecurityVulnerabilitiesUbuntu checks for any vulnerabilities in the image, as reported -// by Ubuntu -func TestSecurityVulnerabilitiesUbuntu(t *testing.T) { - t.Parallel() - - cli, err := client.NewEnvClient() - if err != nil { - t.Fatal(err) - } - rc, _ := runContainerOneShot(t, cli, "bash", "-c", "test -d /etc/apt") - if rc != 0 { - t.Skip("Skipping test because container is not Ubuntu-based") - } - // Override the entrypoint to make "apt" only receive security updates, then check for updates - var url string - if runtime.GOARCH == "amd64" { - url = "http://security.ubuntu.com/ubuntu/" - } else { - url = "http://ports.ubuntu.com/ubuntu-ports/" - } - rc, log := runContainerOneShot(t, cli, "bash", "-c", "source /etc/os-release && echo \"deb "+url+" ${VERSION_CODENAME}-security main restricted\" > /etc/apt/sources.list && apt-get update 2>&1 >/dev/null && apt-get --simulate -qq upgrade") - if rc != 0 { - t.Fatalf("Expected success, got %v", rc) - } - lines := strings.Split(strings.TrimSpace(log), "\n") - if len(lines) > 0 && lines[0] != "" { - t.Errorf("Expected no vulnerabilities, found the following:\n%v", log) - } -} - -// TestSecurityVulnerabilitiesRedHat checks for any vulnerabilities in the image, as reported +// TestSecurityVulnerabilities checks for any vulnerabilities in the image, as reported // by Red Hat -func TestSecurityVulnerabilitiesRedHat(t *testing.T) { +func TestSecurityVulnerabilities(t *testing.T) { t.Parallel() cli, err := client.NewEnvClient() if err != nil { t.Fatal(err) } - _, ret, _ := command.Run("bash", "-c", "test -f /etc/redhat-release") - if ret != 0 { - t.Skip("Skipping test because host is not RedHat-based") - } - rc, _ := runContainerOneShot(t, cli, "bash", "-c", "test -f /etc/redhat-release") + rc, _ := runContainerOneShot(t, cli, "bash", "-c", "command -v microdnf && test -e /etc/yum.repos.d/ubi.repo") if rc != 0 { - t.Skip("Skipping test because container is not RedHat-based") - } - id, _, err := command.Run("sudo", "buildah", "from", imageName()) - if err != nil { - t.Log(id) - t.Fatal(err) - } - id = strings.TrimSpace(id) - defer command.Run("buildah", "rm", id) - mnt, _, err := command.Run("sudo", "buildah", "mount", id) - if err != nil { - t.Log(mnt) - t.Fatal(err) - } - mnt = strings.TrimSpace(mnt) - out, _, err := command.Run("bash", "-c", "sudo cp /etc/yum.repos.d/* "+filepath.Join(mnt, "/etc/yum.repos.d/")) - if err != nil { - t.Log(out) - t.Fatal(err) - } - out, ret, _ = command.Run("bash", "-c", "yum --installroot="+mnt+" updateinfo list sec | grep /Sec") - if ret != 1 { - t.Errorf("Expected no vulnerabilities, found the following:\n%v", out) + t.Skip("Skipping test because container is based on ubi-minimal, which doesn't include yum") } + // id, _, err := command.Run("sudo", "buildah", "from", imageName()) + // if err != nil { + // t.Log(id) + // t.Fatal(err) + // } + // id = strings.TrimSpace(id) + // defer command.Run("buildah", "rm", id) + // mnt, _, err := command.Run("sudo", "buildah", "mount", id) + // if err != nil { + // t.Log(mnt) + // t.Fatal(err) + // } + // mnt = strings.TrimSpace(mnt) + // out, _, err := command.Run("bash", "-c", "sudo cp /etc/yum.repos.d/* "+filepath.Join(mnt, "/etc/yum.repos.d/")) + // if err != nil { + // t.Log(out) + // t.Fatal(err) + // } + // out, ret, _ := command.Run("bash", "-c", "yum --installroot="+mnt+" updateinfo list sec | grep /Sec") + // if ret != 1 { + // t.Errorf("Expected no vulnerabilities, found the following:\n%v", out) + // } } func utilTestNoQueueManagerName(t *testing.T, hostName string, expectedName string) {