Initial RHEL image build
This commit is contained in:
Arthur Barr
7
incubating/mq-advanced-server-rhel/README.md
Normal file
7
incubating/mq-advanced-server-rhel/README.md
Normal file
@@ -0,0 +1,7 @@
|
||||
This is a work-in-progress for a Docker image based on Red Hat Enterprise Linux (RHEL).
|
||||
|
||||
The current MQ container build requires Docker V17.05 or greater (required features include multi-stage Docker build, and "ARG"s in the "FROM" statement). Red Hat Enterprise Linux V7.5 includes Docker up to version V1.13.
|
||||
|
||||
In order to build images with Red Hat Enterprise Linux, license registration is required. The license of the host server can be used, as long as you either use Red Hat's patched version of Docker (which is an old version), or if you use alternative container management tools such as [`buildah`](https://github.com/projectatomic/buildah/) and `podman` (from [`libpod`](https://github.com/projectatomic/libpod)).
|
||||
|
||||
This directory contains scripts for building with `buildah`. The build itself isn't containerized, so more software than usual is needed on the RHEL host, so an Ansible playbook is also provided to help set up the host.
|
||||
1
incubating/mq-advanced-server-rhel/ansible/.gitignore
vendored
Normal file
1
incubating/mq-advanced-server-rhel/ansible/.gitignore
vendored
Normal file
@@ -0,0 +1 @@
|
||||
hosts
|
||||
62
incubating/mq-advanced-server-rhel/ansible/rhel-build.yaml
Normal file
62
incubating/mq-advanced-server-rhel/ansible/rhel-build.yaml
Normal file
@@ -0,0 +1,62 @@
|
||||
# © Copyright IBM Corporation 2018
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
---
|
||||
# Sets up a server for building the Red Hat image.
|
||||
- hosts: rhbuild
|
||||
become: true
|
||||
any_errors_fatal: true
|
||||
tasks:
|
||||
- name: install buildah
|
||||
package:
|
||||
name: buildah
|
||||
state: present
|
||||
when: ansible_distribution == "RedHat"
|
||||
- name: install podman
|
||||
package:
|
||||
name: buildah
|
||||
state: present
|
||||
when: ansible_distribution == "RedHat"
|
||||
- name: install golang
|
||||
package:
|
||||
name: golang
|
||||
state: absent
|
||||
- name: install make
|
||||
package:
|
||||
name: make
|
||||
state: present
|
||||
- name: install git
|
||||
package:
|
||||
name: git
|
||||
state: present
|
||||
- name: install golang 1.10 from TAR
|
||||
unarchive:
|
||||
src: "https://dl.google.com/go/go1.10.3.linux-amd64.tar.gz"
|
||||
dest: "/usr/local"
|
||||
remote_src: yes
|
||||
# TODO: Re-factor to use get_url first, so we can use the checksum
|
||||
#checksum: sha256:fa1b0e45d3b647c252f51f5e1204aba049cde4af177ef9f2181f43004f901035
|
||||
creates: /usr/local/go/doc/go1.10.html
|
||||
- name: add golang to PATH
|
||||
copy:
|
||||
dest: "/etc/profile.d/golang.sh"
|
||||
content: |
|
||||
PATH=$PATH:/usr/local/go/bin
|
||||
- name: install dep from GitHub
|
||||
get_url:
|
||||
url: https://github.com/golang/dep/releases/download/v0.4.1/dep-linux-amd64
|
||||
dest: /usr/local/bin/dep
|
||||
mode: 0755
|
||||
checksum: sha256:31144e465e52ffbc0035248a10ddea61a09bf28b00784fd3fdd9882c8cbb2315
|
||||
when: ansible_architecture == "x86_64"
|
||||
# TODO: Install MQ SDK
|
||||
141
incubating/mq-advanced-server-rhel/buildah.sh
Normal file
141
incubating/mq-advanced-server-rhel/buildah.sh
Normal file
@@ -0,0 +1,141 @@
|
||||
#!/bin/bash
|
||||
# -*- mode: sh -*-
|
||||
# © Copyright IBM Corporation 2018
|
||||
#
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# Build a RHEL image, using the buildah tool
|
||||
|
||||
set -x
|
||||
set -e
|
||||
|
||||
MQ_ARCHIVE=downloads/mqadv_dev905_linux_x86-64.tar.gz
|
||||
MQ_PACKAGES="MQSeriesRuntime-*.rpm MQSeriesServer-*.rpm MQSeriesJava*.rpm MQSeriesJRE*.rpm MQSeriesGSKit*.rpm MQSeriesMsg*.rpm MQSeriesSamples*.rpm MQSeriesAMS-*.rpm"
|
||||
|
||||
# Use a "scratch" container, so the resulting image has minimal files
|
||||
# Resulting image won't have yum, for example
|
||||
ctr=$(buildah from scratch)
|
||||
scratchmnt=$(buildah mount $ctr)
|
||||
|
||||
# Initialize yum for use with the scratch container
|
||||
rpm --root $scratchmnt --initdb
|
||||
yum install yum-utils
|
||||
yumdownloader --destdir=/tmp redhat-release-server
|
||||
rpm --root $scratchmnt -ihv /tmp/redhat-release-server*.rpm
|
||||
|
||||
# Install the packages required by MQ
|
||||
yum install -y --installroot=$scratchmnt \
|
||||
bash \
|
||||
bc \
|
||||
coreutils \
|
||||
file \
|
||||
findutils \
|
||||
gawk \
|
||||
glibc-common \
|
||||
grep \
|
||||
passwd \
|
||||
procps-ng \
|
||||
sed \
|
||||
tar \
|
||||
util-linux
|
||||
|
||||
# Clean up cached files
|
||||
yum clean all --installroot=$scratchmnt
|
||||
rm -rf $scratchmnt/var/cache/yum/*
|
||||
|
||||
groupadd --root $scratchmnt --system --gid 888 mqm
|
||||
useradd --root $scratchmnt --system --uid 888 --gid mqm mqm
|
||||
usermod --root $scratchmnt -G root mqm
|
||||
|
||||
DIR_EXTRACT=$scratchmnt/tmp/extract
|
||||
mkdir -p $scratchmnt/tmp/extract
|
||||
tar -zxvf ${MQ_ARCHIVE} -C ${DIR_EXTRACT}
|
||||
DIR_RPM=$(find ${DIR_EXTRACT} -name "*.rpm" -printf "%h\n" | sort -u | head -1)
|
||||
DIR_RPM=${DIR_RPM#$scratchmnt}
|
||||
#DIR_RPM=$(buildah run $ctr -- find ${DIR_EXTRACT} -name "*.rpm" -printf "%h\n" | sort -u | head -1)
|
||||
# Find location of mqlicense.sh
|
||||
#MQLICENSE=$(buildah run $ctr -- find ${DIR_EXTRACT} -name "mqlicense.sh")
|
||||
MQLICENSE=$(find ${DIR_EXTRACT} -name "mqlicense.sh")
|
||||
MQLICENSE=${MQLICENSE#$scratchmnt}
|
||||
|
||||
# Accept the MQ license
|
||||
buildah run $ctr -- ${MQLICENSE} -text_only -accept
|
||||
|
||||
buildah run $ctr -- bash -c "cd $DIR_RPM && rpm -ivh $MQ_PACKAGES"
|
||||
rm -rf ${DIR_EXTRACT}
|
||||
|
||||
# Remove 32-bit libraries from 64-bit container
|
||||
find $scratchmnt/opt/mqm $scratchmnt/var/mqm -type f -exec file {} \; | awk -F: '/ELF 32-bit/{print $1}' | xargs --no-run-if-empty rm -f
|
||||
|
||||
# Remove tar.gz files unpacked by RPM postinst scripts
|
||||
find $scratchmnt/opt/mqm -name '*.tar.gz' -delete
|
||||
|
||||
# Recommended: Set the default MQ installation (makes the MQ commands available on the PATH)
|
||||
buildah run $ctr -- /opt/mqm/bin/setmqinst -p /opt/mqm -i
|
||||
|
||||
# Remove the directory structure under /var/mqm which was created by the installer
|
||||
rm -rf $scratchmnt/var/mqm
|
||||
|
||||
# Create the mount point for volumes
|
||||
mkdir -p $scratchmnt/mnt/mqm
|
||||
|
||||
# Create the directory for MQ configuration files
|
||||
mkdir -p $scratchmnt/etc/mqm
|
||||
|
||||
# Create a symlink for /var/mqm -> /mnt/mqm/data
|
||||
buildah run $ctr ln -s /mnt/mqm/data /var/mqm
|
||||
|
||||
# Optional: Set these values for the Bluemix Vulnerability Report
|
||||
sed -i 's/PASS_MAX_DAYS\t99999/PASS_MAX_DAYS\t90/' $scratchmnt/etc/login.defs
|
||||
sed -i 's/PASS_MIN_DAYS\t0/PASS_MIN_DAYS\t1/' $scratchmnt/etc/login.defs
|
||||
sed -i 's/password\t\[success=1 default=ignore\]\tpam_unix\.so obscure sha512/password\t[success=1 default=ignore]\tpam_unix.so obscure sha512 minlen=8/' $scratchmnt/etc/pam.d/password-auth
|
||||
|
||||
# Build and test the Go code
|
||||
go build ./cmd/runmqserver/
|
||||
go build ./cmd/chkmqready/
|
||||
go build ./cmd/chkmqhealthy/
|
||||
go test -v ./cmd/runmqserver/
|
||||
go test -v ./cmd/chkmqready/
|
||||
go test -v ./cmd/chkmqhealthy/
|
||||
go test -v ./internal/...
|
||||
go vet ./cmd/... ./internal/...
|
||||
# Install the Go binaries into the image
|
||||
cp runmqserver $scratchmnt/usr/local/bin/
|
||||
cp chkmq* $scratchmnt/usr/local/bin/
|
||||
cp NOTICES.txt $scratchmnt/opt/mqm/licenses/notices-container.txt
|
||||
chmod ug+x $scratchmnt/usr/local/bin/runmqserver
|
||||
chown mqm:mqm $scratchmnt/usr/local/bin/*mq*
|
||||
chmod ug+xs $scratchmnt/usr/local/bin/chkmq*
|
||||
|
||||
buildah config \
|
||||
--port 1414/tcp \
|
||||
--port 9157/tcp \
|
||||
--os linux \
|
||||
--label architecture=x86_64 \
|
||||
--label io.openshift.tags="mq messaging" \
|
||||
--label io.k8s.display-name="IBM MQ Advanced Server" \
|
||||
--label io.k8s.description="IBM MQ is messaging middleware that simplifies and accelerates the integration of diverse applications and business data across multiple platforms. It uses message queues to facilitate the exchanges of information and offers a single messaging solution for cloud, mobile, Internet of Things (IoT) and on-premises environments." \
|
||||
--label name="mqadvanced-server" \
|
||||
--label vendor="IBM" \
|
||||
--label version="9.0.5.0" \
|
||||
--env AMQ_ADDITIONAL_JSON_LOG=1 \
|
||||
--env LANG=en_US.UTF-8 \
|
||||
--env LOG_FORMAT=basic \
|
||||
--entrypoint runmqserver \
|
||||
--user 888 \
|
||||
$ctr
|
||||
buildah unmount $ctr
|
||||
buildah commit $ctr mymq
|
||||
|
||||
# TODO: Leaves the working container lying around. Good for dev.
|
||||
Reference in New Issue
Block a user