Merge pull request microsoft#759 from jamesongithub/jy/dockerfiles

Update SLES Dockerfile to 15.3. Update OpenSUSE Dockerfile to use leap15.4. Reduce image layers. Update instructions for building on registered host.

Author: amvin87-zz

linux/preview/SLES/Dockerfile

@@ -0,0 +1,62 @@
+#
+# Note: This image requires an active SLES15 subscription to build.
+# 
+# Thank you to our SUSE Partners for helping with this :)
+#
+# Assumptions
+# 1. use a matching version to the underlying build host
+# 2. ensure it is registered to have access to needed repos
+#	then leveraging container-suseconnect-zypp
+#	e.g. zypper ref
+#	Repository 'SLE-Module-Containers12-Pool' is up to date.
+#	Repository 'SLE-Module-Containers12-Updates' is up to date.
+#	Repository 'SLES12-SP5-Pool' is up to date.
+#	Repository 'SLES12-SP5-Updates' is up to date.
+#	All repositories have been refreshed.
+# 3. minimize the layers by consolidating commands
+
+FROM registry.suse.com/suse/sle15:15.3
+
+ENV ADDITIONAL_MODULES=sle-module-legacy
+
+RUN zypper install --no-confirm --no-recommends \
+    # install setcap to be used later
+    # curl is needed for rpm import
+    libcap-progs curl && \
+    rpm --import https://packages.microsoft.com/keys/microsoft.asc && \
+    zypper rm --no-confirm --clean-deps curl
+
+# consider merging the two RUNs to save ~ 40mb at the cost of caching adding the signing key
+
+# add mssql-server repo
+RUN zypper addrepo --no-check https://packages.microsoft.com/config/sles/15/mssql-server-2019.repo && \
+    zypper refresh packages-microsoft-com-mssql-server-2019 && \
+    # install mssql-server
+    zypper install --no-confirm --auto-agree-with-licenses --no-recommends mssql-server && \
+    # add mssql-tools repo
+    zypper addrepo --check https://packages.microsoft.com/config/sles/15/prod.repo && \
+    zypper refresh packages-microsoft-com-prod && \
+    # install mssql-tools (consider removing to reduce size) Microsoft already maintains a separate mssql-tools image
+    ACCEPT_EULA=Y zypper install --no-confirm --no-recommends mssql-tools && \
+    zypper clean --all && \
+    # post installation of SQL Server the mssql user/group is created
+    # so set the right permissions to the msssql folder
+    mkdir -p -m 770 /var/opt/mssql && \
+    chown -R mssql /var/opt/mssql && \
+    # grant sql the permissions to connect to ports <1024 as a non-root user
+    setcap 'cap_net_bind_service+ep' /opt/mssql/bin/sqlservr && \
+    # allow dumps from the non-root process
+    setcap 'cap_sys_ptrace+ep' /opt/mssql/bin/paldumper && \        
+    setcap 'cap_sys_ptrace+ep' /usr/bin/gdb && \
+    # ldconfig file because setcap causes the os to remove LD_LIBRARY_PATH
+    # and other env variables that control dynamic linking
+    mkdir -p /etc/ld.so.conf.d && \
+    touch /etc/ld.so.conf.d/mssql.conf && \
+    echo -e "# mssql libs\n/opt/mssql/lib" >> /etc/ld.so.conf.d/mssql.conf && \
+    ldconfig
+
+EXPOSE 1433
+
+USER mssql
+
+CMD ["/opt/mssql/bin/sqlservr"]

linux/preview/SLES/README.md

@@ -1,6 +1,6 @@
 # How to build a SQL Server on SLES container image
 
-1. Ensure that host machine is running the same version of the SLES that you will build SQL Server 2019 container image, in this case we are using a host which is running SLES 12 SP 5 and building the SQL Server also on top of SLES 12 SP 5.
+1. Ensure that host machine is running the same version of the SLES that you will build SQL Server 2019 container image, in this case we are using a host which is running SLES15 SP3 and building the SQL Server also on top of SLES15 SP3.
 
 2. Please ensure the host machine is registered using the SUSEConnect command as documented here: https://www.suse.com/support/kb/doc/?id=000018564
 
@@ -9,16 +9,31 @@
     SUSEConnect -s
     ```
 
+4. Depending on how your host machine is registered, setup your machine for SUSE [container-suseconnect](https://github.com/SUSE/container-suseconnect) correctly so the credentials can be made available to the container. Instructions differ for [RMT/SMT](https://github.com/SUSE/container-suseconnect#building-images-on-sle-systems-registered-with-rmt-or-smt), [on-demand/PAYG in the cloud](https://github.com/SUSE/container-suseconnect#building-images-on-demand-sle-instances-in-the-public-cloud), and [non SLES distros](https://github.com/SUSE/container-suseconnect#building-images-on-non-sle-distributions).
+
 **Steps to building SQL Server on SLES container image**
 
 1.	Create the dockerfile as shown in the dockerfile command and save it into your working directory
 
 2.	[optional] Customize the mssql.conf file. Example mssql.conf entries can be found here: https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-configure-mssql-conf?view=sql-server-2017#mssql-conf-format 
 
-3.	Build the docker image. 
+3.	Build the docker image.
+
+    when host is registered against RMT/SMT
     ```
     docker build . -t mssql-sles-tools-nonroot
     ```
+    when host is on-demand or payg in the public cloud
+    ```
+    docker build --network host -t mssql-sles-tools-nonroot .
+    ```
+    when using non SLES distros (Note: building on non SLES distros will require [additonal changes](https://github.com/SUSE/container-suseconnect#building-images-on-non-sle-distributions) to the Dockerfile)
+    ```
+    docker build -t mssql-sles-tools-nonroot \
+        --secret id=SUSEConnect,src=SUSEConnect \
+        --secret id=SCCcredentials,src=SCCcredentials .
+    ```
+
 4. Confirm the image is successfully created using the command
     ```
     docker images

linux/preview/SLES/dockerfile

@@ -0,0 +1,38 @@
+FROM opensuse/leap:15.4
+
+RUN zypper install --no-confirm --no-recommends \
+    # install setcap to be used later
+    # curl is needed for rpm import
+    libcap-progs curl && \
+    rpm --import https://packages.microsoft.com/keys/microsoft.asc && \
+    zypper rm --no-confirm --clean-deps curl
+
+# consider merging the two RUNs to save ~ 100mb at the cost of caching adding the signing key
+
+# add mssql-server repo
+RUN zypper addrepo --no-check https://packages.microsoft.com/config/sles/15/mssql-server-2019.repo && \
+    zypper refresh packages-microsoft-com-mssql-server-2019 && \
+    # install mssql-server
+    zypper install --no-confirm --auto-agree-with-licenses --no-recommends mssql-server && \
+    zypper clean --all && \
+    # post installation of SQL Server the mssql user/group is created
+    # so set the right permissions to the msssql folder
+    mkdir -p -m 770 /var/opt/mssql && \
+    chown -R mssql /var/opt/mssql && \
+    # grant sql the permissions to connect to ports <1024 as a non-root user
+    setcap 'cap_net_bind_service+ep' /opt/mssql/bin/sqlservr && \
+    # allow dumps from the non-root process
+    setcap 'cap_sys_ptrace+ep' /opt/mssql/bin/paldumper && \        
+    setcap 'cap_sys_ptrace+ep' /usr/bin/gdb && \
+    # ldconfig file because setcap causes the os to remove LD_LIBRARY_PATH
+    # and other env variables that control dynamic linking
+    mkdir -p /etc/ld.so.conf.d && \
+    touch /etc/ld.so.conf.d/mssql.conf && \
+    echo -e "# mssql libs\n/opt/mssql/lib" >> /etc/ld.so.conf.d/mssql.conf && \
+    ldconfig
+
+EXPOSE 1433
+
+USER mssql
+
+CMD ["/opt/mssql/bin/sqlservr"]