Rob Parker
GitHub
@@ -47,9 +47,6 @@ MQ_PACKAGES ?= MQSeriesRuntime-*.rpm MQSeriesServer-*.rpm MQSeriesJava*.rpm MQSe
|
||||
###############################################################################
|
||||
# ARCH is the platform architecture (e.g. x86_64, ppc64le or s390x)
|
||||
ARCH = $(shell uname -m)
|
||||
# NUM_CPU is the number of CPUs available to Docker. Used to control how many
|
||||
# test run in parallel
|
||||
NUM_CPU = $(or $(shell docker info --format "{{ .NCPU }}"),2)
|
||||
# BASE_IMAGE_TAG is a normalized version of BASE_IMAGE, suitable for use in a Docker tag
|
||||
BASE_IMAGE_TAG=$(subst /,-,$(subst :,-,$(BASE_IMAGE)))
|
||||
MQ_IMAGE_DEVSERVER_BASE=mqadvanced-server-dev-base:$(MQ_VERSION)-$(ARCH)-$(BASE_IMAGE_TAG)
|
||||
@@ -116,7 +113,7 @@ test-advancedserver: check-test-prereqs test/docker/vendor
|
||||
$(info $(SPACER)$(shell printf $(TITLE)"Test $(MQ_IMAGE_ADVANCEDSERVER) on $(shell docker --version)"$(END)))
|
||||
buildah push $(MQ_IMAGE_ADVANCEDSERVER) docker-daemon:$(MQ_IMAGE_ADVANCEDSERVER)
|
||||
docker tag docker.io/$(MQ_IMAGE_ADVANCEDSERVER) $(MQ_IMAGE_ADVANCEDSERVER)
|
||||
cd test/docker && TEST_IMAGE=$(MQ_IMAGE_ADVANCEDSERVER) EXPECTED_LICENSE=Production go test -parallel $(NUM_CPU) $(TEST_OPTS_DOCKER)
|
||||
cd test/docker && TEST_IMAGE=$(MQ_IMAGE_ADVANCEDSERVER) EXPECTED_LICENSE=Production go test $(TEST_OPTS_DOCKER)
|
||||
|
||||
|
||||
.PHONY: test-devserver
|
||||
@@ -124,7 +121,7 @@ test-devserver: check-test-prereqs test/docker/vendor
|
||||
$(info $(SPACER)$(shell printf $(TITLE)"Test $(MQ_IMAGE_DEVSERVER) on $(shell docker --version)"$(END)))
|
||||
buildah push $(MQ_IMAGE_DEVSERVER) docker-daemon:$(MQ_IMAGE_DEVSERVER)
|
||||
docker tag docker.io/$(MQ_IMAGE_DEVSERVER) $(MQ_IMAGE_DEVSERVER)
|
||||
cd test/docker && TEST_IMAGE=$(MQ_IMAGE_DEVSERVER) EXPECTED_LICENSE=Developer DEV_JMS_IMAGE=$(DEV_JMS_IMAGE) go test -parallel $(NUM_CPU) -tags mqdev $(TEST_OPTS_DOCKER)
|
||||
cd test/docker && TEST_IMAGE=$(MQ_IMAGE_DEVSERVER) EXPECTED_LICENSE=Developer DEV_JMS_IMAGE=$(DEV_JMS_IMAGE) go test -tags mqdev $(TEST_OPTS_DOCKER)
|
||||
|
||||
|
||||
.PHONY: build-advancedserver
|
||||
|
||||
@@ -19,17 +19,12 @@
|
||||
|
||||
set -ex
|
||||
|
||||
readonly ctr=$1
|
||||
readonly scratchmnt=$2
|
||||
readonly ctr_mq=$1
|
||||
readonly mnt_mq=$2
|
||||
readonly archive=$3
|
||||
readonly mq_packages=$4
|
||||
readonly dir_extract=/tmp/extract
|
||||
|
||||
groupadd --root $scratchmnt --system --gid 888 mqm
|
||||
useradd --root $scratchmnt --system --uid 888 --gid mqm mqm
|
||||
usermod --root $scratchmnt -aG root mqm
|
||||
usermod --root $scratchmnt -aG mqm root
|
||||
|
||||
if [ ! -d ${dir_extract}/MQServer ]; then
|
||||
mkdir -p ${dir_extract}
|
||||
echo Extracting $archive
|
||||
@@ -41,34 +36,36 @@ fi
|
||||
|
||||
|
||||
# Accept the MQ license
|
||||
buildah run --volume ${dir_extract}:/mnt/mq-download $ctr -- /mnt/mq-download/MQServer/mqlicense.sh -text_only -accept
|
||||
buildah run --volume ${dir_extract}:/mnt/mq-download $ctr_mq -- /mnt/mq-download/MQServer/mqlicense.sh -text_only -accept
|
||||
|
||||
buildah run --volume ${dir_extract}:/mnt/mq-download $ctr -- bash -c "cd /mnt/mq-download/MQServer && rpm -ivh $mq_packages"
|
||||
buildah run --volume ${dir_extract}:/mnt/mq-download $ctr_mq -- bash -c "cd /mnt/mq-download/MQServer && rpm -ivh $mq_packages"
|
||||
|
||||
rm -rf ${dir_extract}/MQServer
|
||||
|
||||
# Remove 32-bit libraries from 64-bit container
|
||||
find $scratchmnt/opt/mqm $scratchmnt/var/mqm -type f -exec file {} \; | awk -F: '/ELF 32-bit/{print $1}' | xargs --no-run-if-empty rm -f
|
||||
find $mnt_mq/opt/mqm $mnt_mq/var/mqm -type f -exec file {} \; | awk -F: '/ELF 32-bit/{print $1}' | xargs --no-run-if-empty rm -f
|
||||
|
||||
# Remove tar.gz files unpacked by RPM postinst scripts
|
||||
find $scratchmnt/opt/mqm -name '*.tar.gz' -delete
|
||||
find $mnt_mq/opt/mqm -name '*.tar.gz' -delete
|
||||
|
||||
# Recommended: Set the default MQ installation (makes the MQ commands available on the PATH)
|
||||
buildah run $ctr -- /opt/mqm/bin/setmqinst -p /opt/mqm -i
|
||||
buildah run $ctr_mq -- /opt/mqm/bin/setmqinst -p /opt/mqm -i
|
||||
|
||||
mkdir -p $scratchmnt/run/runmqserver
|
||||
chown 888:888 $scratchmnt/run/runmqserver
|
||||
mkdir -p $mnt_mq/run/runmqserver
|
||||
chown 888:888 $mnt_mq/run/runmqserver
|
||||
|
||||
# Remove the directory structure under /var/mqm which was created by the installer
|
||||
rm -rf $scratchmnt/var/mqm
|
||||
rm -rf $mnt_mq/var/mqm
|
||||
|
||||
# Create the mount point for volumes
|
||||
mkdir -p $scratchmnt/mnt/mqm
|
||||
mkdir -p $mnt_mq/mnt/mqm
|
||||
|
||||
# Create a symlink for /var/mqm -> /mnt/mqm/data
|
||||
buildah run $ctr -- ln -s /mnt/mqm/data /var/mqm
|
||||
buildah run $ctr_mq -- ln -s /mnt/mqm/data /var/mqm
|
||||
|
||||
# Optional: Set these values for the IBM Cloud Vulnerability Report
|
||||
sed -i 's/PASS_MAX_DAYS\t99999/PASS_MAX_DAYS\t90/' $scratchmnt/etc/login.defs
|
||||
sed -i 's/PASS_MIN_DAYS\t0/PASS_MIN_DAYS\t1/' $scratchmnt/etc/login.defs
|
||||
sed -i 's/password\t\[success=1 default=ignore\]\tpam_unix\.so obscure sha512/password\t[success=1 default=ignore]\tpam_unix.so obscure sha512 minlen=8/' $scratchmnt/etc/pam.d/password-auth
|
||||
sed -i 's/PASS_MAX_DAYS\t99999/PASS_MAX_DAYS\t90/' $mnt_mq/etc/login.defs
|
||||
sed -i 's/PASS_MIN_DAYS\t0/PASS_MIN_DAYS\t1/' $mnt_mq/etc/login.defs
|
||||
sed -i 's/password\t\[success=1 default=ignore\]\tpam_unix\.so obscure sha512/password\t[success=1 default=ignore]\tpam_unix.so obscure sha512 minlen=8/' $mnt_mq/etc/pam.d/password-auth
|
||||
|
||||
buildah run $ctr_mq -- cp -rs /opt/mqm/licenses/ /
|
||||
|
||||
@@ -26,8 +26,6 @@ set -e
|
||||
# Setup MQ server working container
|
||||
###############################################################################
|
||||
|
||||
# Use a "scratch" container, so the resulting image has minimal files
|
||||
# Resulting image won't have yum, for example
|
||||
readonly ctr_mq=$(buildah from rhel7)
|
||||
readonly mnt_mq=$(buildah mount $ctr_mq)
|
||||
readonly archive=downloads/$1
|
||||
@@ -40,6 +38,11 @@ readonly mqdev=$5
|
||||
# Install MQ server
|
||||
###############################################################################
|
||||
|
||||
groupadd --root ${mnt_mq} --system --gid 888 mqm
|
||||
useradd --root ${mnt_mq} --system --uid 888 --gid mqm mqm
|
||||
usermod --root ${mnt_mq} -aG root mqm
|
||||
usermod --root ${mnt_mq} -aG mqm root
|
||||
|
||||
# Install the packages required by MQ
|
||||
buildah run $ctr_mq -- yum install -y --setopt install_weak_deps=false --setopt=tsflags=nodocs --setopt=override_install_langs=en_US.utf8 \
|
||||
bash \
|
||||
@@ -84,8 +87,6 @@ else
|
||||
DISNAME="IBM MQ Advanced Server"
|
||||
fi
|
||||
|
||||
|
||||
|
||||
buildah config \
|
||||
--port 1414/tcp \
|
||||
--port 9157/tcp \
|
||||
@@ -97,6 +98,10 @@ buildah config \
|
||||
--label name="${tag%:*}" \
|
||||
--label vendor="IBM" \
|
||||
--label version="$version" \
|
||||
--label release="1" \
|
||||
--label run="docker run -d -e LICENSE=accept --name ibm-mq ${tag%:*}" \
|
||||
--label summary="$DISNAME" \
|
||||
--label description="IBM MQ is messaging middleware that simplifies and accelerates the integration of diverse applications and business data across multiple platforms. It uses message queues to facilitate the exchanges of information and offers a single messaging solution for cloud, mobile, Internet of Things (IoT) and on-premises environments." \
|
||||
--env AMQ_ADDITIONAL_JSON_LOG=1 \
|
||||
--env LANG=en_US.UTF-8 \
|
||||
--env LOG_FORMAT=basic \
|
||||
|
||||
@@ -23,25 +23,32 @@ readonly tag=$2
|
||||
# Use plain RHEL 7 container
|
||||
# Note: Red Hat's devtools/go-toolset-7-rhel7 image doesn't allow use of 'root'
|
||||
# user required for installing the MQ SDK
|
||||
readonly ctr=$(buildah from rhel7)
|
||||
readonly mnt=$(buildah mount $ctr)
|
||||
readonly ctr_mq=$(buildah from rhel7)
|
||||
readonly mnt_mq=$(buildah mount $ctr_mq)
|
||||
|
||||
# Add mqm user
|
||||
groupadd --root $mnt_mq --system --gid 888 mqm
|
||||
useradd --root $mnt_mq --system --uid 888 --gid mqm mqm
|
||||
usermod --root $mnt_mq -aG root mqm
|
||||
usermod --root $mnt_mq -aG mqm root
|
||||
|
||||
# Enable Yum repository for "optional" RPMs, which is needed for "golang"
|
||||
buildah run ${ctr} -- yum-config-manager --enable rhel-7-server-optional-rpms
|
||||
buildah run ${ctr_mq} -- yum-config-manager --enable rhel-7-server-optional-rpms
|
||||
# Install Go compiler
|
||||
buildah run ${ctr} -- yum install -y golang git gcc
|
||||
buildah run ${ctr_mq} -- yum install -y golang git gcc
|
||||
|
||||
# Install the MQ SDK into the Go builder image
|
||||
./mq-advanced-server-rhel/install-mq-rhel.sh ${ctr} "${mnt}" "${mq_archive}" "MQSeriesRuntime-*.rpm MQSeriesSDK-*.rpm MQSeriesSamples*.rpm"
|
||||
./mq-advanced-server-rhel/install-mq-rhel.sh ${ctr_mq} "${mnt_mq}" "${mq_archive}" "MQSeriesRuntime-*.rpm MQSeriesSDK-*.rpm MQSeriesSamples*.rpm"
|
||||
# Clean up Yum files
|
||||
buildah run ${ctr} -- yum clean all --releasever 7
|
||||
rm -rf ${mnt}/var/cache/yum/*
|
||||
buildah unmount ${ctr}
|
||||
buildah run ${ctr_mq} -- yum clean all --releasever 7
|
||||
rm -rf ${mnt_mq}/var/cache/yum/*
|
||||
buildah unmount ${ctr_mq}
|
||||
# Set environment variables for MQ/Go compilation
|
||||
buildah config \
|
||||
--os linux \
|
||||
--env CGO_CFLAGS="-I/opt/mqm/inc/" \
|
||||
--env CGO_LDFLAGS_ALLOW="-Wl,-rpath.*" \
|
||||
${ctr}
|
||||
buildah commit ${ctr} ${tag}
|
||||
${ctr_mq}
|
||||
buildah commit ${ctr_mq} ${tag}
|
||||
|
||||
buildah rm ${ctr}
|
||||
buildah rm ${ctr_mq}
|
||||
|
||||
@@ -35,11 +35,12 @@ readonly tag=$2
|
||||
readonly version=$3
|
||||
|
||||
|
||||
useradd --root $mnt_mq --system --uid 889 --gid mqm admin
|
||||
groupadd --root $mnt_mq --system --gid 890 mqclient
|
||||
useradd --root $mnt_mq --system --uid 890 --gid mqclient app
|
||||
useradd --root $mnt_mq --gid mqm admin
|
||||
groupadd --root $mnt_mq --system mqclient
|
||||
useradd --root $mnt_mq --gid mqclient app
|
||||
|
||||
buildah run $ctr -- echo admin:passw0rd | chpasswd
|
||||
buildah run $ctr_mq -- id admin
|
||||
buildah run $ctr_mq -- sh -c "echo admin:passw0rd | chpasswd"
|
||||
|
||||
mkdir -p $mnt_mq/run/runmqdevserver
|
||||
chown 888:888 $mnt_mq/run/runmqdevserver
|
||||
@@ -69,6 +70,10 @@ buildah config \
|
||||
--label name="${tag%:*}" \
|
||||
--label vendor="IBM" \
|
||||
--label version="$version" \
|
||||
--label release="1" \
|
||||
--label run="docker run -d -e LICENSE=accept --name ibm-mq-dev ${tag%:*}" \
|
||||
--label summary="IBM MQ Advanced Server Developer Edition" \
|
||||
--label description="IBM MQ is messaging middleware that simplifies and accelerates the integration of diverse applications and business data across multiple platforms. It uses message queues to facilitate the exchanges of information and offers a single messaging solution for cloud, mobile, Internet of Things (IoT) and on-premises environments." \
|
||||
--env AMQ_ADDITIONAL_JSON_LOG=1 \
|
||||
--env LANG=en_US.UTF-8 \
|
||||
--env LOG_FORMAT=basic \
|
||||
|
||||
Reference in New Issue
Block a user