Add Couchbase Server EE 6.5.2 #12094
Conversation
|
I will likely propose another change after this one to remove 6.5.2 again, since it does have the Log4Shell vulnerability. The point here is just to make it possible for certain users to be able to pull "couchbase:6.5.2". |
|
Ran a build test on our infrastructure (as done previously) and now it's running into what looks like the same failure as GitHub Actions -- I guess since the last time, we've (finally 🙈) updated from Docker 19.03 to 20.10, and that's probably related? That would explain why we've always seen a disparity with GitHub Actions too. 😬 Build test of #12094; b48abc4; $ bashbrew build couchbase:6.5.2
Building bashbrew/cache:1fcedd2079558eb5a9ef3a55096c07082a8bfe3051f42986b79b6c5f251bdd19 (couchbase:6.5.2)
failed building "couchbase" (tags "6.5.2, enterprise-6.5.2")
exit status 100
docker ["build" "--tag" "bashbrew/cache:1fcedd2079558eb5a9ef3a55096c07082a8bfe3051f42986b79b6c5f251bdd19" "--file" "Dockerfile" "--rm" "--force-rm" "-"] output:
Sending build context to Docker daemon 30.72kB
Step 1/22 : FROM ubuntu:18.04
---> b67d6ac264e4
Step 2/22 : LABEL maintainer="docker@couchbase.com"
---> Using cache
---> 9569eb719d2b
Step 3/22 : RUN set -x && apt-get update && apt-get install -yq runit wget chrpath tzdata man lsof lshw sysstat net-tools numactl bzip2 && apt-get autoremove && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
---> Using cache
---> 6dd3b026420a
Step 4/22 : RUN if [ ! -x /usr/sbin/runsvdir-start ]; then cp -a /etc/runit/2 /usr/sbin/runsvdir-start; fi
---> Using cache
---> affc7f56308a
Step 5/22 : ARG CB_VERSION=6.5.2
---> Using cache
---> b7db46b08fe0
Step 6/22 : ARG CB_RELEASE_URL=https://packages.couchbase.com/releases/6.5.2
---> Using cache
---> c4e787bb6d5f
Step 7/22 : ARG CB_PACKAGE=couchbase-server-enterprise_6.5.2-ubuntu18.04_amd64.deb
---> Using cache
---> 2d946a1a507a
Step 8/22 : ARG CB_SHA256=62f9ffad86eab90137701baab421586af49fe0e7c458bb047b6c364c6ad11684
---> Using cache
---> f2530b497caa
Step 9/22 : ENV PATH=$PATH:/opt/couchbase/bin:/opt/couchbase/bin/tools:/opt/couchbase/bin/install
---> Using cache
---> f8b7efec3d45
Step 10/22 : RUN groupadd -g 1000 couchbase && useradd couchbase -u 1000 -g couchbase -M
---> Using cache
---> de728d032c7b
Step 11/22 : RUN set -x && export INSTALL_DONT_START_SERVER=1 && wget -N --no-verbose $CB_RELEASE_URL/$CB_PACKAGE && echo "$CB_SHA256 $CB_PACKAGE" | sha256sum -c - && apt-get update && apt-get install -y ./$CB_PACKAGE && rm -f ./$CB_PACKAGE && apt-get autoremove && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
---> Running in deac8311ad15
+ export INSTALL_DONT_START_SERVER=1
+ wget -N --no-verbose https://packages.couchbase.com/releases/6.5.2/couchbase-server-enterprise_6.5.2-ubuntu18.04_amd64.deb
2022-03-21 22:21:12 URL:https://packages.couchbase.com/releases/6.5.2/couchbase-server-enterprise_6.5.2-ubuntu18.04_amd64.deb [332312644/332312644] -> "couchbase-server-enterprise_6.5.2-ubuntu18.04_amd64.deb" [1]
+ echo 62f9ffad86eab90137701baab421586af49fe0e7c458bb047b6c364c6ad11684 couchbase-server-enterprise_6.5.2-ubuntu18.04_amd64.deb
+ sha256sum -c -
couchbase-server-enterprise_6.5.2-ubuntu18.04_amd64.deb: OK
+ apt-get update
Get:1 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]
Get:2 http://archive.ubuntu.com/ubuntu bionic InRelease [242 kB]
Get:3 http://archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]
Get:4 http://archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB]
Get:5 http://security.ubuntu.com/ubuntu bionic-security/restricted amd64 Packages [829 kB]
Get:6 http://security.ubuntu.com/ubuntu bionic-security/multiverse amd64 Packages [21.1 kB]
Get:7 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 Packages [1479 kB]
Get:8 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages [2628 kB]
Get:9 http://archive.ubuntu.com/ubuntu bionic/multiverse amd64 Packages [186 kB]
Get:10 http://archive.ubuntu.com/ubuntu bionic/restricted amd64 Packages [13.5 kB]
Get:11 http://archive.ubuntu.com/ubuntu bionic/main amd64 Packages [1344 kB]
Get:12 http://archive.ubuntu.com/ubuntu bionic/universe amd64 Packages [11.3 MB]
Get:13 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages [3067 kB]
Get:14 http://archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages [2257 kB]
Get:15 http://archive.ubuntu.com/ubuntu bionic-updates/multiverse amd64 Packages [29.0 kB]
Get:16 http://archive.ubuntu.com/ubuntu bionic-updates/restricted amd64 Packages [863 kB]
Get:17 http://archive.ubuntu.com/ubuntu bionic-backports/universe amd64 Packages [12.6 kB]
Get:18 http://archive.ubuntu.com/ubuntu bionic-backports/main amd64 Packages [11.6 kB]
Fetched 24.6 MB in 2s (11.7 MB/s)
Reading package lists...
+ apt-get install -y ./couchbase-server-enterprise_6.5.2-ubuntu18.04_amd64.deb
Reading package lists...
Building dependency tree...
Reading state information...
The following NEW packages will be installed:
couchbase-server
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/332 MB of archives.
After this operation, 845 MB of additional disk space will be used.
Get:1 /couchbase-server-enterprise_6.5.2-ubuntu18.04_amd64.deb couchbase-server amd64 6.5.2-6634-1 [332 MB]
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package couchbase-server.
(Reading database ...
(Reading database ... 5%
(Reading database ... 10%
(Reading database ... 15%
(Reading database ... 20%
(Reading database ... 25%
(Reading database ... 30%
(Reading database ... 35%
(Reading database ... 40%
(Reading database ... 45%
(Reading database ... 50%
(Reading database ... 55%
(Reading database ... 60%
(Reading database ... 65%
(Reading database ... 70%
(Reading database ... 75%
(Reading database ... 80%
(Reading database ... 85%
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 7206 files and directories currently installed.)
Preparing to unpack .../couchbase-server-enterprise_6.5.2-ubuntu18.04_amd64.deb ...
Warning: Transparent hugepages looks to be active and should not be.
Please look at https://developer.couchbase.com/documentation/server/current/install/thp-disable.html as for how to PERMANENTLY alter this setting.
Warning: Swappiness is not set to 0.
Please look at https://developer.couchbase.com/documentation/server/current/install/install-swap-space.html as for how to PERMANENTLY alter this setting.
Minimum RAM required : 4 GB
System RAM configured : 7.67 GB
Minimum number of processors required : 4 cores
Number of processors on the system : 2 cores
Unpacking couchbase-server (6.5.2-6634-1) ...
Setting up couchbase-server (6.5.2-6634-1) ...
/opt/couchbase/bin/install/systemd-ctl: line 26: systemctl: command not found
dpkg: error processing package couchbase-server (--configure):
installed couchbase-server package post-installation script subprocess returned error exit status 127
Errors were encountered while processing:
couchbase-server
E: Sub-process /usr/bin/dpkg returned an error code (1)
Removing intermediate container deac8311ad15
The command '/bin/sh -c set -x && export INSTALL_DONT_START_SERVER=1 && wget -N --no-verbose $CB_RELEASE_URL/$CB_PACKAGE && echo "$CB_SHA256 $CB_PACKAGE" | sha256sum -c - && apt-get update && apt-get install -y ./$CB_PACKAGE && rm -f ./$CB_PACKAGE && apt-get autoremove && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*' returned a non-zero code: 100The following images failed to build:
|
|
@tianon Does that mean it's no longer possible to build this Dockerfile at all? |
|
@tianon I was able to build the image locally with Docker 20.10 on an Ubuntu 20.04 laptop. The problem isn't the Docker version, at least not directly. This older version of our "are we in a container?" script checked for a regex match on the contents of /proc/1/cgroup , but at least in the GitHub Actions world, apparently that has some different value than we expected. |
|
Yeah, it's failing to build completely in all our infrastructure now, consistent with GitHub Actions. 😬 So I guess maybe something related to cgroupsv2 and/or even cgroups delegation support?
On my local system and most of our workers, checking |
|
I'm trying to find a workaround here, but I can't find a way to reproduce it. I set up a GitHub Action using docker/build-push-action@v2 because I thought we'd previously determined that GitHub Actions were configured in this "bad" way, but it built fine: https://github.com/ceejatec/docker/runs/5685591038?check_suite_focus=true Can you help specify something about how your workflows are configured that might be behind this problem? |
|
Just Technically it builds via |
|
Ok, yes, I was able to reproduce it with a more simplified GitHub action that just shells out to "docker build". And I've managed to create a functional workaround. Now I'm trying to integrate the workaround into our Dockerfile generation script. |
Diff for e675b60:diff --git a/_bashbrew-cat b/_bashbrew-cat
index 10d544d..5245fb9 100644
--- a/_bashbrew-cat
+++ b/_bashbrew-cat
@@ -5,6 +5,10 @@ Tags: 6.0.5, enterprise-6.0.5
GitCommit: 5929be778eb5306f116f71cc9a0a23fea6d9a7aa
Directory: enterprise/couchbase-server/6.0.5
+Tags: 6.5.2, enterprise-6.5.2
+GitCommit: d24fe7e4e45de16395e6da37a97969e8ce198b45
+Directory: enterprise/couchbase-server/6.5.2
+
Tags: 6.6.5, enterprise-6.6.5
GitCommit: b9ef0fefa25a0ca646bf746765f66bf33ee3fac7
Directory: enterprise/couchbase-server/6.6.5
diff --git a/_bashbrew-list b/_bashbrew-list
index f6d2ad2..22eb9d6 100644
--- a/_bashbrew-list
+++ b/_bashbrew-list
@@ -1,4 +1,5 @@
couchbase:6.0.5
+couchbase:6.5.2
couchbase:6.6.5
couchbase:7.0.3
couchbase:community
@@ -6,6 +7,7 @@ couchbase:community-6.6.0
couchbase:community-7.0.2
couchbase:enterprise
couchbase:enterprise-6.0.5
+couchbase:enterprise-6.5.2
couchbase:enterprise-6.6.5
couchbase:enterprise-7.0.3
couchbase:latest
diff --git a/couchbase_enterprise-6.6.5/Dockerfile b/couchbase_enterprise-6.5.2/Dockerfile
similarity index 81%
copy from couchbase_enterprise-6.6.5/Dockerfile
copy to couchbase_enterprise-6.5.2/Dockerfile
index 10807a4..59c1102 100644
--- a/couchbase_enterprise-6.6.5/Dockerfile
+++ b/couchbase_enterprise-6.5.2/Dockerfile
@@ -1,6 +1,6 @@
-FROM ubuntu:20.04
+FROM ubuntu:18.04
LABEL maintainer="docker@couchbase.com"
@@ -24,10 +24,10 @@ RUN set -x \
lsof lshw sysstat net-tools numactl bzip2 runit \
&& ${CLEANUP_COMMAND}
-ARG CB_VERSION=6.6.5
-ARG CB_RELEASE_URL=https://packages.couchbase.com/releases/6.6.5
-ARG CB_PACKAGE=couchbase-server-enterprise_6.6.5-ubuntu20.04_amd64.deb
-ARG CB_SHA256=fb2da1880ea993dc7a5695c6fbe14cde62024d865a71a7d44ab653f0f633d4c6
+ARG CB_RELEASE_URL=https://packages.couchbase.com/releases/6.5.2
+ARG CB_PACKAGE=couchbase-server-enterprise_6.5.2-ubuntu18.04_amd64.deb
+ARG CB_PACKAGE_NAME=couchbase-server
+ARG CB_SHA256=62f9ffad86eab90137701baab421586af49fe0e7c458bb047b6c364c6ad11684
ENV PATH=$PATH:/opt/couchbase/bin:/opt/couchbase/bin/tools:/opt/couchbase/bin/install
@@ -36,12 +36,19 @@ ENV PATH=$PATH:/opt/couchbase/bin:/opt/couchbase/bin/tools:/opt/couchbase/bin/in
RUN groupadd -g 1000 couchbase && useradd couchbase -u 1000 -g couchbase -M
# Install couchbase
+# Note: installers for Server prior to 7.0.0 used a method for detecting
+# if they were running in a container that caused installation to fail
+# in some environments, such as some GitHub actions. Below we patch the
+# detection mid-install to work around this issue.
RUN set -x \
&& export INSTALL_DONT_START_SERVER=1 \
&& wget -N --no-verbose $CB_RELEASE_URL/$CB_PACKAGE \
&& echo "$CB_SHA256 $CB_PACKAGE" | sha256sum -c - \
&& ${UPDATE_COMMAND} \
- && apt-get install -y ./$CB_PACKAGE \
+ && dpkg --unpack ./$CB_PACKAGE \
+ && sed -i -e '/Best heuristic/ a \ \ \ \ [ -d /run/systemd/system ] && return 1; return 0' /opt/couchbase/bin/install/systemd-ctl \
+ && dpkg --configure couchbase-server \
+ && apt-get install -yf \
&& rm -f ./$CB_PACKAGE \
&& ${CLEANUP_COMMAND} \
&& rm -rf /tmp/* /var/tmp/*
diff --git a/couchbase_community-6.6.0/scripts/dummy.sh b/couchbase_enterprise-6.5.2/scripts/dummy.sh
similarity index 100%
copy from couchbase_community-6.6.0/scripts/dummy.sh
copy to couchbase_enterprise-6.5.2/scripts/dummy.sh
diff --git a/couchbase_enterprise-6.6.5/scripts/entrypoint.sh b/couchbase_enterprise-6.5.2/scripts/entrypoint.sh
similarity index 100%
copy from couchbase_enterprise-6.6.5/scripts/entrypoint.sh
copy to couchbase_enterprise-6.5.2/scripts/entrypoint.sh
diff --git a/couchbase_enterprise-6.6.5/scripts/run b/couchbase_enterprise-6.5.2/scripts/run
similarity index 100%
copy from couchbase_enterprise-6.6.5/scripts/run
copy to couchbase_enterprise-6.5.2/scripts/runRelevant Maintainers:
|
|
Ok, proposed a fix here. Looks like it worked for the 6.5.2 addition, which is the main point of this PR. I'm going to propose a change later to update enterprise-6.6.5 and community-6.6.0 as well, but since those versions are in more active use I'd like to run it through our internal testing first just to be sure. In the meantime, those versions are no worse off than they were before this change. |
This release was previously overlooked as it came out after a newer version (6.6.1). For completeness, adding it in now.