forked from couchbase/couchbase-fluent-bit
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile.rhel
142 lines (118 loc) · 5.73 KB
/
Dockerfile.rhel
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
FROM registry.access.redhat.com/ubi8/ubi:8.4 as builder
# hadolint ignore=DL3041
RUN dnf update -y && dnf install -y cmake diffutils gcc gcc-c++ libpq-devel m4 make openssl-devel systemd-devel tar unzip && dnf clean all
ARG FLUENT_BIT_VER=1.8.8
ADD https://github.com/fluent/fluent-bit/archive/refs/tags/v${FLUENT_BIT_VER}.zip /source.zip
RUN mkdir -p /fluent-bit/bin /fluent-bit/etc /fluent-bit/log /tmp/src \
&& unzip /source.zip -d /tmp/src && mv /tmp/src/fluent-bit-*/* /tmp/src/ \
&& rm -rf /tmp/src/build/*
# We require flex & bison which are not available for UBI to build record accessor and this is also used in some other output plugins
# We could build 1.6.10 as the 1.7 series will not build without RA: https://github.com/fluent/fluent-bit/issues/3097
# We must disable http input as well because this triggers another RA failure in 1.6.10: https://github.com/fluent/fluent-bit/issues/2930
#RUN cmake -DFLB_RECORD_ACCESSOR=Off -DFLB_STREAM_PROCESSOR=Off -DFLB_IN_HTTP=Off -DFLB_OUT_LOKI=Off -DFLB_TLS=On ../ && make && install bin/fluent-bit /fluent-bit/bin/
ARG BISON_VER=3.7
ARG BUSON_URL=http://ftp.gnu.org/gnu/bison
ARG FLEX_VER=2.6.4
ARG FLEX_URL=https://github.com/westes/flex/files/981163
ADD ${BUSON_URL}/bison-${BISON_VER}.tar.gz /bison/
ADD ${FLEX_URL}/flex-${FLEX_VER}.tar.gz /flex/
RUN tar -xzvf /bison/bison-${BISON_VER}.tar.gz -C /bison/ && tar -xzvf /flex/flex-${FLEX_VER}.tar.gz -C /flex/
# Flex needs Bison so do first
WORKDIR /bison/bison-${BISON_VER}/
RUN ./configure && make && make install
WORKDIR /flex/flex-${FLEX_VER}/
RUN ./configure && make && make install
WORKDIR /tmp/src/build/
# IPv6 tests dependent on docker configuration and support so disable
RUN sed -i '/{ "ipv6_client_server", test_ipv6_client_server},/d' ../tests/internal/network.c
# Disable the TD output plugin & Process input plugin as unit test fails
RUN cmake \
-DFLB_TESTS_RUNTIME=On \
-DFLB_TESTS_INTERNAL=On \
-DFLB_RELEASE=On \
-DFLB_TLS=On \
-DFLB_OUT_TD=Off \
-DFLB_IN_PROC=Off \
../ && \
make && \
install bin/fluent-bit /fluent-bit/bin/
# Configuration files
RUN cp /tmp/src/conf/*.conf /fluent-bit/etc/
FROM registry.access.redhat.com/ubi8/ubi-minimal:8.4 as production
LABEL description="Couchbase Fluent Bit image with support for config reload, pre-processing and redaction" vendor="Couchbase" maintainer="docker@couchbase.com"
# ubi-minimal updates frequently and has very few packages installed,
# so no need for a "security-only" update.
RUN microdnf update && microdnf install -y openssl libpq systemd-libs shadow-utils && microdnf clean all
# Ensure we add licensing and help information for certification requirements
COPY licenses/* /licenses/
COPY README.md /help.1
COPY --from=builder /fluent-bit /fluent-bit
# See Dockerfile for details - this should all be equivalent to the standard image
ENV COUCHBASE_LOGS_BINARY /fluent-bit/bin/fluent-bit
COPY bin/linux/couchbase-watcher /fluent-bit/bin/couchbase-watcher
COPY conf/ /fluent-bit/etc/
ENV COUCHBASE_LOGS_REBALANCE_TEMPDIR /tmp/rebalance-logs
ENV COUCHBASE_LOGS /opt/couchbase/var/lib/couchbase/logs
VOLUME /fluent-bit/config
ENV COUCHBASE_LOGS_DYNAMIC_CONFIG /fluent-bit/config
COPY conf/fluent-bit.conf /fluent-bit/config/fluent-bit.conf
ENV COUCHBASE_LOGS_CONFIG_FILE /fluent-bit/config/fluent-bit.conf
COPY redaction/sha1/ /usr/local/share/lua/5.1/sha1/
COPY redaction/redaction.lua /fluent-bit/etc/
# Try to hide some of the RHEL wastage
FROM production as test
RUN microdnf update && microdnf install -y findutils diffutils && microdnf clean all
# Add unit tests from Fluent Bit so we can run
COPY --from=builder /tmp/src/build/bin/flb-* /fluent-bit/test/bin/
# We need test config & other data
COPY --from=builder /tmp/src/tests/ /fluent-bit/test/support/
# Hardcoded location during build process by CMake with no simple override
RUN mkdir -p /tmp/src && ln -s /fluent-bit/test/support /tmp/src/tests
# Add our test cases
COPY test/ /fluent-bit/test/
ENV COUCHBASE_LOGS_BINARY /fluent-bit/bin/fluent-bit
# Redirect to local logs
ENV COUCHBASE_LOGS /fluent-bit/test/logs
ENV COUCHBASE_LOGS_REBALANCE_TEMPDIR /fluent-bit/test/logs/rebalance-logs
# Need to chmod for log & config output write access
# Add user to run as
RUN chmod 777 /fluent-bit/test/ /fluent-bit/test/logs && \
chmod 777 /fluent-bit/etc/couchbase && \
useradd -u 8453 -m -s /bin/false couchbase
USER 8453
ARG HTTP_PORT=2020
ENV HTTP_PORT=$HTTP_PORT
EXPOSE $HTTP_PORT
CMD ["sh", "/fluent-bit/test/run-tests.sh"]
# Keep track of the versions we are using - not persisted between stages
ARG FLUENT_BIT_VER=1.8.8
ENV FLUENTBIT_VERSION=$FLUENT_BIT_VER
ARG PROD_VERSION
ENV COUCHBASE_FLUENTBIT_VERSION=$PROD_VERSION
# We need a build to complete without targets that produces the official image to deploy
FROM production
RUN useradd -u 8453 -m -s /bin/false couchbase
USER 8453
ARG HTTP_PORT=2020
ENV HTTP_PORT=$HTTP_PORT
EXPOSE $HTTP_PORT
CMD ["/fluent-bit/bin/couchbase-watcher"]
# Keep track of the versions we are using - not persisted between stages
ARG FLUENT_BIT_VER=1.8.8
ENV FLUENTBIT_VERSION=$FLUENT_BIT_VER
ARG PROD_VERSION
ENV COUCHBASE_FLUENTBIT_VERSION=$PROD_VERSION
# The default match we send to standard output
ENV STDOUT_MATCH="couchbase.log.*"
# Some support for Loki customisation but ensure we set defaults
ENV LOKI_MATCH=no-match
ENV LOKI_HOST=loki
ENV LOKI_PORT=3100
LABEL name="couchbase/fluent-bit" \
vendor="Couchbase" \
version="${PROD_VERSION}" \
release="Latest" \
summary="Couchbase Autonomous Operator ${PROD_VERSION} Log Support" \
description="Couchbase Autonomous Operator ${PROD_VERSION} Log Support" \
architecture="x86_64" \
run="docker run -d --name logging registry.connect.redhat.com/couchbase/fluent-bit:${PROD_VERSION}-${OS_BUILD}"