SYS-664 image updates - mariadb-galera, mysqldump, postfix, haproxy-keepalived

.gitlab-ci.yml

@@ -22,8 +22,6 @@ stages:
   - postfix
   - postfix-python
   - proftpd
-  - python-builder
-  - python-wsgi
   - rsyslogd
   - samba
   - samba-dc
@@ -239,24 +237,6 @@ proftpd:
   only:
     changes: [ images/proftpd/**, lib/**, .image-gitlab-ci.yml ]
 
-python-builder:
-  stage: python-builder
-  trigger:
-    include:
-    - artifact: .child-python-builder.yml
-      job: prepare
-  only:
-    changes: [ images/python-builder/**, lib/**, .image-gitlab-ci.yml ]
-
-python-wsgi:
-  stage: python-wsgi
-  trigger:
-    include:
-    - artifact: .child-python-wsgi.yml
-      job: prepare
-  only:
-    changes: [ images/python-wsgi/**, lib/**, .image-gitlab-ci.yml ]
-
 rsyslogd:
   stage: rsyslogd
   trigger:

.image-gitlab-ci.yml

@@ -4,7 +4,7 @@ variables:
   IMAGE: {{ IMAGE }}
   PLATFORMS: linux/amd64,linux/arm64,linux/arm/v6,linux/arm/v7
   REGISTRY: $REGISTRY_URI/$CI_PROJECT_PATH
-  TRIVY_VERSION: 0.54.1
+  TRIVY_VERSION: 0.67.2
 
 stages:
   - Static Code Analysis

images/haproxy-keepalived/Dockerfile

@@ -1,4 +1,4 @@
-FROM haproxy:3.2.4-alpine
+FROM haproxy:3.2.7-alpine
 ARG BUILD_DATE
 ARG VCS_REF
 LABEL org.opencontainers.image.authors="Rich Braun docker@instantlinux.net" \

images/haproxy-keepalived/helm/Chart.yaml

@@ -7,8 +7,8 @@ sources:
 - https://github.com/haproxy/haproxy
 - https://github.com/acassen/keepalived
 type: application
-version: 0.1.19
-appVersion: "3.2.4-alpine-2.3.1-r0"
+version: 0.1.20
+appVersion: "3.2.7-alpine-2.3.1-r0"
 dependencies:
 - name: chartlib
   version: 0.1.8

images/mariadb-galera/Dockerfile

@@ -28,6 +28,8 @@ RUN groupmod -g $GID mysql && \
       /var/lib/apt/lists /var/cache/debconf/*old /root/.cache
 RUN pip install -r /root/common.txt --break-system-packages && \
     echo "dash dash/sh boolean false" | debconf-set-selections && \
+    # 'gosu' in MariaDB official image is incompatible with trivy scanner
+    rm /usr/local/bin/gosu && \
     dpkg-reconfigure dash || true
 
 EXPOSE 3306 4444 4567/udp 4567 4568

images/mariadb-galera/Makefile

@@ -1,18 +1,74 @@
-# Standard Makefile for python application
-#   created by rbraun @ splunk 7-Apr-2017
+# Standard Makefile for Docker image
+#   created by richb@instantlinux.net 20-Apr-2017
 
-SRC  ?= src
-VENV ?= python_env
-VDIR ?= $(PWD)/$(VENV)
+BUILDX      = https://github.com/docker/buildx/releases/download/v0.4.1/buildx-v0.4.1.linux-amd64
+PLATFORMS  ?= linux/amd64
+PUSH       ?= --push
+USER_LOGIN ?= instantlinux
+VENV        = python_env
+VDIR        = $(PWD)/$(VENV)
+
+export IMAGE_NAME  = $(REGISTRY)/$(IMAGE):$(TAG)
+export DOCKER_REPO = $(USER_LOGIN)/$(IMAGE)
+
+ifneq ($(CI_COMMIT_TAG),)
+  TAG_OPT   = --tag $(USER_LOGIN)$(IMAGE):$(CI_COMMIT_TAG)      
+endif
+
+# Exceptions
+ifeq ($(IMAGE),data-sync)
+  PLATFORMS = linux/amd64,linux/aarch64
+endif
+ifeq ($(IMAGE),mariadb-galera)
+  PLATFORMS = linux/amd64
+endif
+ifeq ($(IMAGE),mythtv-backend)
+  PLATFORMS = linux/amd64
+endif
+ifeq ($(IMAGE),nagiosql)
+  PLATFORMS = linux/amd64,linux/arm64,linux/arm/v7
+endif
+ifeq ($(IMAGE),postfix-python)
+  # qemu bombs out with cpu_exec assertion since Dec 2023 on arm/v7
+  PLATFORMS = linux/amd64,linux/aarch64,linux/arm64
+endif
+ifeq ($(IMAGE),$(filter $(IMAGE),python-builder python-wsgi))
+  # helm package on arm/v6 isn't supported as of Aug 2021
+  #  others had issues with pipenv hashes Jul 2023
+  PLATFORMS = linux/amd64,linux/arm64
+endif
+ifeq ($(IMAGE),spamassassin)
+  PLATFORMS = linux/amd64,linux/arm64
+endif
 
 analysis: flake8
-	@echo "Running static analysis"
+	  @echo "Running static analysis"
 
 test: pytest
 
 test_functional:
 	@echo "Running functional verification of running image"
-	@echo "--TODO not yet implemented--"
+
+create_image: $(HOME)/.docker/cli-plugins/docker-buildx
+	docker buildx build --tag $(REGISTRY)/$(IMAGE):$(TAG) --platform $(PLATFORMS) \
+	  $(PUSH) --file Dockerfile . \
+	  --build-arg=VCS_REF=$(CI_COMMIT_SHA) \
+	  --build-arg=BUILD_DATE=$(shell date +%Y-%m-%dT%H:%M:%SZ)
+
+promote_image: $(HOME)/.docker/cli-plugins/docker-buildx
+	# Log into dockerhub
+	docker login -u $(USER_LOGIN) -p $(DOCKER_TOKEN)
+	docker buildx build $(TAG_OPT) \
+	  `[ -e hooks/add_tags ] && hooks/add_tags` \
+	  --tag $(USER_LOGIN)/$(IMAGE):latest --platform $(PLATFORMS) \
+	  --push --file Dockerfile . \
+	  --build-arg=VCS_REF=$(CI_COMMIT_SHA) \
+	  --build-arg=BUILD_DATE=$(shell date +%Y-%m-%dT%H:%M:%SZ)
+	-if [ -x hooks/post_build ]; then sh hooks/post_build; fi
+
+	# TODO update dockerhub README if/when that is supported,
+	# see https://github.com/docker/hub-feedback/issues/1927
+	# and https://github.com/docker/hub-feedback/issues/2127
 
 flake8: test_requirements
 	@echo "Running flake8 code analysis"
@@ -22,12 +78,22 @@ python_env: $(VDIR)/bin/python
 
 test_requirements: python_env
 	@echo "Installing test requirements"
-	(. $(VDIR)/bin/activate && \
-	 pip install -r requirements/test.txt -r requirements/common.txt)
+	(if [ -f requirements/test.txt ]; then \
+	  . $(VDIR)/bin/activate && \
+	  pip install -r requirements/test.txt -r requirements/common.txt; \
+	 fi)
 
 $(VDIR)/bin/python:
 	@echo "Creating virtual environment"
-	python3 -m venv --system-site-packages $(VDIR)
+	virtualenv --system-site-packages $(VENV)
+
+$(HOME)/.docker/cli-plugins/docker-buildx:
+	mkdir -p $(HOME)/.docker/cli-plugins/
+	wget -O $(HOME)/.docker/cli-plugins/docker-buildx $(BUILDX)
+	chmod +x $(HOME)/.docker/cli-plugins/docker-buildx
+	docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
+	docker buildx create --name multibuild
+	docker buildx use multibuild
 
 pytest: test_requirements
 	@echo "Running pytest unit tests"
@@ -43,7 +109,7 @@ pytest: test_requirements
 
 clean:
 	@echo "Cleaning out generated files"
-	@rm -rf ./$(SRC)/{.coverage,htmlcov,coverage.xml}
+	@rm -rf ./app/{.coverage,htmlcov,coverage.xml}
 	@find . -name \*.pyc -exec rm {} \;
 	@find . -name \*.log -exec rm {} \;
 	@find . -name \*~ -exec rm {} \;

images/mysqldump/Dockerfile

@@ -18,7 +18,7 @@ ENV HOUR=3 MINUTE=30 \
     TZ=UTC
 ARG UID=210
 ARG BACKUP_GID=34
-ARG CLIENT_VERSION=11.4.5-r2
+ARG CLIENT_VERSION=11.4.8-r0
 
 RUN RMGROUP=$(grep :$BACKUP_GID: /etc/group | cut -d: -f 1) && \
     [ -z "$RMGROUP" ] || delgroup $RMGROUP && \

images/mysqldump/helm/Chart.yaml

@@ -6,8 +6,8 @@ sources:
 - https://github.com/instantlinux/docker-tools
 - https://github.com/mariadb/server/tree/10.5/client
 type: application
-version: 0.1.13
-appVersion: "11.4.5-r2"
+version: 0.1.14
+appVersion: "11.4.8-r0"
 dependencies:
 - name: chartlib
   version: 0.1.8

images/postfix-python/Dockerfile

@@ -1,4 +1,4 @@
-ARG POSTFIX_VERSION=3.10.4-r0
+ARG POSTFIX_VERSION=3.10.5-r0
 
 FROM instantlinux/postfix:$POSTFIX_VERSION
 ARG BUILD_DATE

images/postfix-python/helm/Chart.yaml

@@ -6,8 +6,8 @@ sources:
 - https://github.com/instantlinux/docker-tools
 - https://github.com/vdukhovni/postfix
 type: application
-version: 0.1.18
-appVersion: "3.10.4-r0"
+version: 0.1.19
+appVersion: "3.10.5-r0"
 dependencies:
 - name: chartlib
   version: 0.1.8

images/postfix/Dockerfile

@@ -7,7 +7,7 @@ LABEL org.opencontainers.image.authors="Rich Braun docker@instantlinux.net" \
     org.label-schema.name=postfix \
     org.label-schema.vcs-ref=$VCS_REF \
     org.label-schema.vcs-url=https://github.com/instantlinux/docker-tools
-ARG POSTFIX_VERSION=3.10.4-r0
+ARG POSTFIX_VERSION=3.10.5-r0
 ENV SASL_SECRETNAME=postfix-sasl-passwd \
     TZ=UTC