-
Notifications
You must be signed in to change notification settings - Fork 932
/
Copy pathDockerfile
134 lines (107 loc) · 4.2 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
###################
# Stage 1: Prebuild to save space in the final image.
FROM docker.io/phusion/baseimage:noble-1.0.0 AS prebuilder
# install necessary packages for building gems
RUN apt-get update && apt-get install -y \
build-essential \
git \
ruby-dev \
# Needed to build Net::SCP from https://github.com/robertcheramy/net-scp.git
# Can be removed after issue
# https://github.com/robertcheramy/net-scp/issues/1 is fixed
rubocop \
&& rm -rf /var/lib/apt/lists/*
# create bundle directory
RUN mkdir -p /usr/local/bundle
ENV GEM_HOME=/usr/local/bundle
###################
# Install the x25519 gem
RUN gem install x25519 --no-document
###################
# build net-scp from https://github.com/robertcheramy/net-scp for APC devices
WORKDIR /tmp/net-scp/
RUN git clone -c advice.detachedHead=false --branch 4.0.3.fork --single-branch https://github.com/robertcheramy/net-scp.git /tmp/net-scp
RUN rake build
###################
# build oxidized
COPY . /tmp/oxidized/
WORKDIR /tmp/oxidized
# docker automated build gets shallow copy, but non-shallow copy cannot be unshallowed
RUN git fetch --unshallow || true
# Remove any older gems of oxidized if they exist
RUN rm pkg/* || true
# Ensure rugged is built with ssh support
RUN rake build
###################
# Stage2: build an oxidized container from phusion/baseimage-docker and install x25519 from stage1
FROM docker.io/phusion/baseimage:noble-1.0.0
ENV DEBIAN_FRONTEND=noninteractive
##### Place "static" commands at the beginning to optimize image size and build speed
# add non-privileged user
ARG UID=30000
ARG GID=$UID
RUN groupadd -g "${GID}" -r oxidized && useradd -u "${UID}" -r -m -d /home/oxidized -g oxidized oxidized
# link config for msmtp for easier use.
RUN ln -s /home/oxidized/.config/oxidized/.msmtprc /home/oxidized/
# create parent directory & touch required file
RUN mkdir -p /home/oxidized/.config/oxidized/
RUN touch /home/oxidized/.config/oxidized/.msmtprc
# setup the access to the file
RUN chmod 600 /home/oxidized/.msmtprc
RUN chown oxidized:oxidized /home/oxidized/.msmtprc
# add runit services
COPY extra/oxidized.runit /etc/service/oxidized/run
COPY extra/auto-reload-config.runit /etc/service/auto-reload-config/run
COPY extra/update-ca-certificates.runit /etc/service/update-ca-certificates/run
# set up dependencies for the build process
RUN apt-get -yq update \
&& apt-get -yq upgrade \
&& apt-get -yq --no-install-recommends install ruby \
# Build process of oxidized from git (beloww)
git \
# Allow git send-email from docker image
git-email libmailtools-perl \
# Allow sending emails in the docker container
msmtp \
# Debuging tools inside the container
inetutils-telnet \
# Use ubuntu gems where possible
# Gems needed by oxidized
ruby-rugged ruby-slop ruby-psych \
ruby-net-telnet ruby-net-ssh ruby-net-ftp ruby-ed25519 \
# Gem dependencies for inputs
ruby-net-http-persistent ruby-mechanize \
# Gem dependencies for sources
ruby-sqlite3 ruby-mysql2 ruby-pg ruby-sequel ruby-gpgme\
# Gem dependencies for hooks
ruby-aws-sdk ruby-xmpp4r \
# Gems needed by oxidized-web
ruby-charlock-holmes ruby-haml ruby-htmlentities ruby-json \
puma ruby-sinatra ruby-sinatra-contrib \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
# copy the compiled gem from the builder stage
COPY --from=prebuilder /usr/local/bundle /usr/local/bundle
# Set environment variables for bundler
ENV GEM_HOME="/usr/local/bundle"
ENV PATH="$GEM_HOME/bin:$PATH"
# Install previously built net-scp
COPY --from=prebuilder /tmp/net-scp/pkg/net-scp-4.0.3.fork.gem /tmp/
RUN gem install /tmp/net-scp-4.0.3.fork.gem
# gems not available in ubuntu noble
RUN gem install --no-document \
# dependencies for hooks
slack-ruby-client cisco_spark \
# dependencies for specific inputs
net-tftp
# install oxidized from prebuilder
# The Dockerfile ist version-independent, so use oxidized-*.gem to cach the gem
RUN mkdir -p /tmp/oxidized
COPY --from=prebuilder /tmp/oxidized/pkg/oxidized-*.gem /tmp/oxidized/
RUN gem install /tmp/oxidized/oxidized-*.gem
# install oxidized-web
RUN gem install oxidized-web --no-document
# clean up
WORKDIR /
RUN rm -rf /tmp/oxidized
EXPOSE 8888/tcp