Create IBM MQ RHEL Buildah build (#192)

* Buildah containerized Go build

* Minor fixes to buildah build

* Move and rename files for RHEL build

* Create MQ RHEL buildah build

mq-advanced-server-rhel/README.md

@@ -0,0 +1,7 @@
+This is a work-in-progress for a Docker image based on Red Hat Enterprise Linux (RHEL).
+
+The current MQ container build requires Docker V17.05 or greater (required features include multi-stage Docker build, and "ARG"s in the "FROM" statement).  Red Hat Enterprise Linux V7.5 includes Docker up to version V1.13.
+
+In order to build images with Red Hat Enterprise Linux, license registration is required.  The license of the host server can be used, as long as you either use Red Hat's patched version of Docker (which is an old version), or if you use alternative container management tools such as [`buildah`](https://github.com/projectatomic/buildah/) and `podman` (from [`libpod`](https://github.com/projectatomic/libpod)).
+
+This directory contains scripts for building with `buildah`.  The build itself isn't containerized, so more software than usual is needed on the RHEL host, so an Ansible playbook is also provided to help set up the host.

mq-advanced-server-rhel/go-build.sh

@@ -0,0 +1,47 @@
+#!/bin/bash
+# -*- mode: sh -*-
+# © Copyright IBM Corporation 2018
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Builds and tests the golang programs used by the MQ image.
+
+set -e
+
+cd $GOPATH/src/github.com/ibm-messaging/mq-container/
+
+# Build and test the Go code
+mkdir -p build
+cd build
+
+rm -f chkmqready chkmqhealthy runmqserver runmqdevserver
+
+if [ "$MQDEV" = "TRUE" ]; then 
+    # Build and test the Go code
+    go build -ldflags "-X \"main.ImageCreated=$(date --iso-8601=seconds)\" -X \"main.ImageRevision=$IMAGE_REVISION\" -X \"main.ImageSource=$IMAGE_SOURCE\"" --tags 'mqdev' ../cmd/runmqserver/
+    go build ../cmd/runmqdevserver/
+else 
+    go build -ldflags "-X \"main.ImageCreated=$(date --iso-8601=seconds)\" -X \"main.ImageRevision=$IMAGE_REVISION\" -X \"main.ImageSource=$IMAGE_SOURCE\"" ../cmd/runmqserver/
+fi
+
+go build ../cmd/chkmqready/
+go build ../cmd/chkmqhealthy/
+go test -v ../cmd/runmqserver/
+go test -v ../cmd/chkmqready/
+go test -v ../cmd/chkmqhealthy/
+if [ "$MQDEV" = "TRUE" ]; then 
+    go test -v ../cmd/runmqdevserver
+fi
+go test -v ../internal/...
+go vet ../cmd/... ../internal/...

mq-advanced-server-rhel/go-buildah.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+# -*- mode: sh -*-
+# © Copyright IBM Corporation 2018
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Run the Go build script inside the Go container, mounting the source
+# directory in
+
+readonly tag=$1
+readonly dev=$2
+
+IMAGE_REVISION=${IMAGE_REVISION:="Not Applicable"}
+IMAGE_SOURCE=${IMAGE_SOURCE:="Not Applicable"}
+
+podman run \
+  --volume ${PWD}:/go/src/github.com/ibm-messaging/mq-container/ \
+  --env GOPATH=/go \
+  --env IMAGE_REVISION="$IMAGE_REVISION" \
+  --env IMAGE_SOURCE="$IMAGE_SOURCE" \
+  --env MQDEV=${dev} \
+  ${tag} \
+  bash -c "cd /go/src/github.com/ibm-messaging/mq-container/ && ./mq-advanced-server-rhel/go-build.sh"

mq-advanced-server-rhel/install-mq-rhel.sh

@@ -0,0 +1,62 @@
+#!/bin/bash
+# -*- mode: sh -*-
+# © Copyright IBM Corporation 2018
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Install one or more MQ components into a buildah container
+
+set -ex
+
+readonly ctr=$1
+readonly scratchmnt=$2
+readonly archive=$3
+readonly mq_packages=$4
+readonly dir_extract=/tmp/extract
+
+groupadd --root $scratchmnt --system --gid 888 mqm
+useradd --root $scratchmnt --system --uid 888 --gid mqm mqm
+usermod --root $scratchmnt -aG root mqm
+usermod --root $scratchmnt -aG mqm root
+
+if [ ! -d ${dir_extract}/MQServer ]; then
+  mkdir -p ${dir_extract}
+  echo Extracting $archive
+  tar -zxf $archive -C ${dir_extract}
+  echo Extracting finished
+fi
+
+# If MQ_PACKAGES isn't specifically set, then choose a valid set of defaults
+
+
+# Accept the MQ license
+buildah run --volume ${dir_extract}:/mnt/mq-download $ctr -- /mnt/mq-download/MQServer/mqlicense.sh -text_only -accept
+
+buildah run --volume ${dir_extract}:/mnt/mq-download $ctr -- bash -c "cd /mnt/mq-download/MQServer && rpm -ivh $mq_packages"
+
+rm -rf ${dir_extract}/MQServer
+
+# Remove 32-bit libraries from 64-bit container
+find $scratchmnt/opt/mqm $scratchmnt/var/mqm -type f -exec file {} \; | awk -F: '/ELF 32-bit/{print $1}' | xargs --no-run-if-empty rm -f
+
+# Remove tar.gz files unpacked by RPM postinst scripts
+find $scratchmnt/opt/mqm -name '*.tar.gz' -delete
+
+# Recommended: Set the default MQ installation (makes the MQ commands available on the PATH)
+buildah run $ctr -- /opt/mqm/bin/setmqinst -p /opt/mqm -i
+
+# Optional: Set these values for the IBM Cloud Vulnerability Report
+sed -i 's/PASS_MAX_DAYS\t99999/PASS_MAX_DAYS\t90/' $scratchmnt/etc/login.defs
+sed -i 's/PASS_MIN_DAYS\t0/PASS_MIN_DAYS\t1/' $scratchmnt/etc/login.defs
+sed -i 's/password\t\[success=1 default=ignore\]\tpam_unix\.so obscure sha512/password\t[success=1 default=ignore]\tpam_unix.so obscure sha512 minlen=8/' $scratchmnt/etc/pam.d/password-auth

mq-advanced-server-rhel/mq-buildah.sh

@@ -0,0 +1,115 @@
+#!/bin/bash
+# -*- mode: sh -*-
+# © Copyright IBM Corporation 2018
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Build a RHEL image, using the buildah tool
+# Usage
+# mq-buildah.sh ARCHIVEFILE PACKAGES
+
+set -x
+set -e
+
+###############################################################################
+# Setup MQ server working container
+###############################################################################
+
+# Use a "scratch" container, so the resulting image has minimal files
+# Resulting image won't have yum, for example
+readonly ctr_mq=$(buildah from scratch)
+readonly mnt_mq=$(buildah mount $ctr_mq)
+readonly archive=downloads/$1
+readonly packages=$2
+readonly tag=$3
+readonly version=$4
+readonly mqdev=$5
+
+# Initialize yum for use with the scratch container
+rpm --root $mnt_mq --initdb
+
+yumdownloader --destdir=/tmp redhat-release-server
+rpm --root $mnt_mq -ihv /tmp/redhat-release-server*.rpm || true
+
+###############################################################################
+# Install MQ server
+###############################################################################
+
+# Install the packages required by MQ
+yum install -y --installroot=${mnt_mq} --setopt install_weak_deps=false --setopt=tsflags=nodocs --setopt=override_install_langs=en_US.utf8 \
+  bash \
+  bc \
+  coreutils \
+  file \
+  findutils \
+  gawk \
+  glibc-common \
+  grep \
+  passwd \
+  procps-ng \
+  sed \
+  tar \
+  util-linux
+
+# Clean up cached files
+yum clean all --installroot=${mnt_mq}
+rm -rf ${mnt_mq}/var/cache/yum/*
+
+# Install MQ server packages into the MQ builder image
+./mq-advanced-server-rhel/install-mq-rhel.sh ${ctr_mq} "${mnt_mq}" "${archive}" "${packages}"
+
+# Remove the directory structure under /var/mqm which was created by the installer
+rm -rf ${mnt_mq}/var/mqm
+
+# Create the directory for MQ configuration files
+mkdir -p ${mnt_mq}/etc/mqm
+chown 888:888 ${mnt_mq}/etc/mqm
+
+# Install the Go binaries into the image
+install --mode 0750 --owner 888 --group 888 ./build/runmqserver ${mnt_mq}/usr/local/bin/
+install --mode 6750 --owner 888 --group 888 ./build/chk* ${mnt_mq}/usr/local/bin/
+install --mode 0750 --owner 888 --group 888 ./NOTICES.txt ${mnt_mq}/opt/mqm/licenses/notices-container.txt
+
+###############################################################################
+# Final Buildah commands
+###############################################################################
+
+if [ "$mqdev" = "TRUE" ]; then
+  OSTAG="mq messaging developer"
+  DISNAME="IBM MQ Advanced Server Developer Edition"
+else
+  OSTAG="mq messaging"
+  DISNAME="IBM MQ Advanced Server"
+fi
+
+
+
+buildah config \
+  --port 1414/tcp \
+  --port 9157/tcp \
+  --os linux \
+  --label architecture=x86_64 \
+  --label io.openshift.tags="$OSTAG" \
+  --label io.k8s.display-name="$DISNAME" \
+  --label io.k8s.description="IBM MQ is messaging middleware that simplifies and accelerates the integration of diverse applications and business data across multiple platforms.  It uses message queues to facilitate the exchanges of information and offers a single messaging solution for cloud, mobile, Internet of Things (IoT) and on-premises environments." \
+  --label name="${tag%:*}" \
+  --label vendor="IBM" \
+  --label version="$version" \
+  --env AMQ_ADDITIONAL_JSON_LOG=1 \
+  --env LANG=en_US.UTF-8 \
+  --env LOG_FORMAT=basic \
+  --entrypoint runmqserver \
+  $ctr_mq
+buildah unmount $ctr_mq
+buildah commit $ctr_mq $tag

mq-advanced-server-rhel/mq-golang-sdk-buildah.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+# -*- mode: sh -*-
+# © Copyright IBM Corporation 2018
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Build a RHEL image for building Go programs which use MQ
+
+set -ex
+readonly mq_archive=downloads/$1
+readonly tag=$2
+# Use plain RHEL 7 container
+# Note: Red Hat's devtools/go-toolset-7-rhel7 image doesn't allow use of 'root'
+# user required for installing the MQ SDK
+readonly ctr=$(buildah from rhel7)
+readonly mnt=$(buildah mount $ctr)
+
+# Enable Yum repository for "optional" RPMs, which is needed for "golang"
+buildah run ${ctr} -- yum-config-manager --enable rhel-7-server-optional-rpms
+# Install Go compiler
+buildah run ${ctr} -- yum install -y golang git gcc
+# Install the MQ SDK into the Go builder image
+./mq-advanced-server-rhel/install-mq-rhel.sh ${ctr} "${mnt}" "${mq_archive}" "MQSeriesRuntime-*.rpm MQSeriesSDK-*.rpm MQSeriesSamples*.rpm"
+# Clean up Yum files
+buildah run ${ctr} -- yum clean all --releasever 7
+rm -rf ${mnt}/var/cache/yum/*
+buildah unmount ${ctr}
+# Set environment variables for MQ/Go compilation
+buildah config \
+  --os linux \
+  --env CGO_CFLAGS="-I/opt/mqm/inc/" \
+  --env CGO_LDFLAGS_ALLOW="-Wl,-rpath.*" \
+  ${ctr}
+buildah commit ${ctr} ${tag}

mq-advanced-server-rhel/mqdev-buildah.sh

@@ -0,0 +1,81 @@
+#!/bin/bash
+# -*- mode: sh -*-
+# © Copyright IBM Corporation 2018
+#
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Build a RHEL image, using the buildah tool
+# Usage
+# mq-buildah.sh ARCHIVEFILE PACKAGES
+
+set -x
+set -e
+
+###############################################################################
+# Setup MQ server working container
+###############################################################################
+
+# Use a "scratch" container, so the resulting image has minimal files
+# Resulting image won't have yum, for example
+readonly basetag=$1
+readonly ctr_mq=$(buildah from $basetag)
+readonly mnt_mq=$(buildah mount $ctr_mq)
+readonly tag=$2
+readonly version=$3
+
+
+useradd --root $mnt_mq --system --uid 889 --gid mqm admin
+groupadd --root $mnt_mq --system --gid 890 mqclient
+useradd --root $mnt_mq --system --uid 890 --gid mqclient mqclient
+
+buildah run $ctr -- echo admin:passw0rd | chpasswd
+
+mkdir -p $mnt_mq/run/runmqdevserver
+chown 888:888 $mnt_mq/run/runmqdevserver
+
+# Copy runmqdevserver program
+install --mode 0750 --owner 888 --group 888 ./build/runmqdevserver ${mnt_mq}/usr/local/bin/
+
+# Copy template files
+cp incubating/mqadvanced-server-dev/*.tpl ${mnt_mq}/etc/mqm/
+
+# Copy web XML files for default developer configuration
+cp -R incubating/mqadvanced-server-dev/web ${mnt_mq}/etc/mqm/web
+
+###############################################################################
+# Final Buildah commands
+###############################################################################
+
+buildah config \
+  --port 1414/tcp \
+  --port 9157/tcp \
+  --port 9443/tcp \
+  --os linux \
+  --label architecture=x86_64 \
+  --label io.openshift.tags="mq messaging developer" \
+  --label io.k8s.display-name="IBM MQ Advanced Server Developer Edition" \
+  --label io.k8s.description="IBM MQ is messaging middleware that simplifies and accelerates the integration of diverse applications and business data across multiple platforms.  It uses message queues to facilitate the exchanges of information and offers a single messaging solution for cloud, mobile, Internet of Things (IoT) and on-premises environments." \
+  --label name="${tag%:*}" \
+  --label vendor="IBM" \
+  --label version="$version" \
+  --env AMQ_ADDITIONAL_JSON_LOG=1 \
+  --env LANG=en_US.UTF-8 \
+  --env LOG_FORMAT=basic \
+  --env MQ_ADMIN_PASSWORD=passw0rd \
+  --env MQ_DEV=true \
+  --entrypoint runmqdevserver \
+  $ctr_mq
+buildah unmount $ctr_mq
+buildah commit $ctr_mq $tag
+