Make Kafka container multi-arch and upgrade to 2.8.2

PostHog · Sep 15, 2023 · a86a941 · a86a941
1 parent 65eb10b
commit a86a941
Show file tree

Hide file tree

Showing 4 changed files with 127 additions and 33 deletions.
diff --git a/docker/kafka/Dockerfile b/docker/kafka/Dockerfile
@@ -1,21 +1,35 @@
 FROM docker.io/bitnami/minideb:bullseye
-LABEL maintainer "Bitnami <[email protected]>"
+
+ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security"
+ARG TARGETARCH
 
 ENV HOME="/" \
-    OS_ARCH="amd64" \
+    OS_ARCH="${TARGETARCH:-amd64}" \
     OS_FLAVOUR="debian-11" \
     OS_NAME="linux"
 
-ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security"
-
 COPY prebuildfs /
 # Install required system packages and dependencies
 RUN install_packages acl ca-certificates curl gzip libc6 procps tar zlib1g
-RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "java" "11.0.15-150" --checksum fe6b65886a6b1f545508e272efbf422054ee030c867f94ebec2f93c5518252de
-RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "gosu" "1.14.0-150" --checksum da4a2f759ccc57c100d795b71ab297f48b31c4dd7578d773d963bbd49c42bd7b
-RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "wait-for-port" "1.0.3-150" --checksum 1013e2ebbe58e5dc8f3c79fc952f020fc5306ba48463803cacfbed7779173924
-RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "render-template" "1.0.3-150" --checksum 8b992a5ee513c5eaca52b19232b21a93588ddf4c4850be4d47c6f19b11d1d90a
-RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "kafka" "2.8.1-150" --checksum 3994379a01d6f037fbf6a4dcc24cce706f372bdfe131f3115c60bfce3520852f
+RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "wait-for-port" "1.0.6-13"
+RUN . /opt/bitnami/scripts/libcomponent.sh && component_unpack "render-template" "1.0.5-13"
+RUN if [ "$TARGETARCH" = "amd64" ]; then \
+        curl --remote-name --silent --show-error --fail https://download.oracle.com/java/17/archive/jdk-17.0.2_linux-x64_bin.tar.gz; \
+        tar xf jdk-17.0.2_linux-x64_bin.tar.gz; \
+        mv jdk-17.0.2 /opt/bitnami/java; \
+        rm jdk-17.0.2_linux-x64_bin.tar.gz; \
+    elif [ "$TARGETARCH" = "arm64" ]; then \
+        curl --remote-name --silent --show-error --fail https://download.oracle.com/java/17/archive/jdk-17.0.2_linux-aarch64_bin.tar.gz; \
+        tar xf jdk-17.0.2_linux-aarch64_bin.tar.gz; \
+        mv jdk-17.0.2 /opt/bitnami/java; \
+        rm jdk-17.0.2_linux-aarch64_bin.tar.gz; \
+    else \
+        echo "Only arm64 and amd64 are supported." && exit 1; \
+    fi
+RUN curl --remote-name --silent --show-error --fail https://archive.apache.org/dist/kafka/2.8.2/kafka_2.12-2.8.2.tgz; \
+    tar xf kafka_2.12-2.8.2.tgz; \
+    mv kafka_2.12-2.8.2 /opt/bitnami/kafka; \
+    rm kafka_2.12-2.8.2.tgz
 RUN apt-get update && apt-get upgrade -y && \
     rm -r /var/lib/apt/lists /var/cache/apt/archives
 RUN chmod g+rwX /opt/bitnami
@@ -25,7 +39,7 @@ RUN ln -s /opt/bitnami/scripts/kafka/run.sh /run.sh
 COPY rootfs /
 RUN /opt/bitnami/scripts/java/postunpack.sh
 RUN /opt/bitnami/scripts/kafka/postunpack.sh
-ENV APP_VERSION="2.8.1" \
+ENV APP_VERSION="2" \
     BITNAMI_APP_NAME="kafka" \
     JAVA_HOME="/opt/bitnami/java" \
     PATH="/opt/bitnami/java/bin:/opt/bitnami/common/bin:/opt/bitnami/kafka/bin:$PATH"

diff --git a/docker/kafka/prebuildfs/opt/bitnami/scripts/libcomponent.sh b/docker/kafka/prebuildfs/opt/bitnami/scripts/libcomponent.sh
@@ -3,7 +3,6 @@
 # Library for managing Bitnami components
 
 # Constants
-CACHE_ROOT="/tmp/bitnami/pkg/cache"
 DOWNLOAD_URL="https://downloads.bitnami.com/files/stacksmith"
 
 # Functions
@@ -24,42 +23,28 @@ component_unpack() {
     local name="${1:?name is required}"
     local version="${2:?version is required}"
     local base_name="${name}-${version}-${OS_NAME}-${OS_ARCH}-${OS_FLAVOUR}"
-    local package_sha256=""
     local directory="/opt/bitnami"
 
     # Validate arguments
     shift 2
     while [ "$#" -gt 0 ]; do
         case "$1" in
-            -c|--checksum)
-                shift
-                package_sha256="${1:?missing package checksum}"
-                ;;
             *)
                 echo "Invalid command line flag $1" >&2
                 return 1
                 ;;
         esac
         shift
     done
-
+    set -x
     echo "Downloading $base_name package"
-    if [ -f "${CACHE_ROOT}/${base_name}.tar.gz" ]; then
-        echo "${CACHE_ROOT}/${base_name}.tar.gz already exists, skipping download."
-        cp "${CACHE_ROOT}/${base_name}.tar.gz" .
-        rm "${CACHE_ROOT}/${base_name}.tar.gz"
-        if [ -f "${CACHE_ROOT}/${base_name}.tar.gz.sha256" ]; then
-            echo "Using the local sha256 from ${CACHE_ROOT}/${base_name}.tar.gz.sha256"
-            package_sha256="$(< "${CACHE_ROOT}/${base_name}.tar.gz.sha256")"
-            rm "${CACHE_ROOT}/${base_name}.tar.gz.sha256"
-        fi
-    else
 	curl --remote-name --silent --show-error --fail "${DOWNLOAD_URL}/${base_name}.tar.gz"
-    fi
-    if [ -n "$package_sha256" ]; then
-        echo "Verifying package integrity"
-        echo "$package_sha256  ${base_name}.tar.gz" | sha256sum --check - || return "$?"
-    fi
+
+    echo "Verifying package integrity"
+    curl --remote-name --silent --show-error --fail "${DOWNLOAD_URL}/${base_name}.tar.gz.sha256"
+    cat ${base_name}.tar.gz.sha256 | sha256sum --check - || return "$?"
+    rm "${base_name}.tar.gz.sha256"
+
     tar --directory "${directory}" --extract --gunzip --file "${base_name}.tar.gz" --no-same-owner --strip-components=2 || return "$?"
     rm "${base_name}.tar.gz"
 }
diff --git a/docker/kafka/prebuildfs/opt/bitnami/scripts/libos.sh b/docker/kafka/prebuildfs/opt/bitnami/scripts/libos.sh
@@ -464,3 +464,98 @@ convert_to_hex() {
         printf '%x' "'${char}"
     done
 }
+
+########################
+# Run command as a specific user and group (optional)
+# Arguments:
+#   $1 - USER(:GROUP) to switch to
+#   $2..$n - command to execute
+# Returns:
+#   Exit code of the specified command
+#########################
+run_as_user() {
+    run_chroot "$@"
+}
+
+########################
+# Execute command as a specific user and group (optional),
+# replacing the current process image
+# Arguments:
+#   $1 - USER(:GROUP) to switch to
+#   $2..$n - command to execute
+# Returns:
+#   Exit code of the specified command
+#########################
+exec_as_user() {
+    run_chroot --replace-process "$@"
+}
+
+########################
+# Run a command using chroot
+# Arguments:
+#   $1 - USER(:GROUP) to switch to
+#   $2..$n - command to execute
+# Flags:
+#   -r | --replace-process - Replace the current process image (optional)
+# Returns:
+#   Exit code of the specified command
+#########################
+run_chroot() {
+    local userspec
+    local user
+    local homedir
+    local replace=false
+    local -r cwd="$(pwd)"
+
+    # Parse and validate flags
+    while [[ "$#" -gt 0 ]]; do
+        case "$1" in
+            -r | --replace-process)
+                replace=true
+                ;;
+            --)
+                shift
+                break
+                ;;
+            -*)
+                stderr_print "unrecognized flag $1"
+                return 1
+                ;;
+            *)
+                break
+                ;;
+        esac
+        shift
+    done
+
+    # Parse and validate arguments
+    if [[ "$#" -lt 2 ]]; then
+        echo "expected at least 2 arguments"
+        return 1
+    else
+        userspec=$1
+        shift
+
+        # userspec can optionally include the group, so we parse the user
+        user=$(echo "$userspec" | cut -d':' -f1)
+    fi
+
+    if ! am_i_root; then
+        error "Could not switch to '${userspec}': Operation not permitted"
+        return 1
+    fi
+
+    # Get the HOME directory for the user to switch, as chroot does
+    # not properly update this env and some scripts rely on it
+    homedir=$(eval echo "~${user}")
+    if [[ ! -d $homedir ]]; then
+        homedir="${HOME:-/}"
+    fi
+
+    # Obtaining value for "$@" indirectly in order to properly support shell parameter expansion
+    if [[ "$replace" = true ]]; then
+        exec chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@"
+    else
+        chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@"
+    fi
+}
diff --git a/docker/kafka/rootfs/opt/bitnami/scripts/kafka/run.sh b/docker/kafka/rootfs/opt/bitnami/scripts/kafka/run.sh
@@ -29,7 +29,7 @@ START_COMMAND=("$KAFKA_HOME/bin/kafka-server-start.sh" "${flags[@]}" "$@")
 
 info "** Starting Kafka **"
 if am_i_root; then
-    exec gosu "$KAFKA_DAEMON_USER" "${START_COMMAND[@]}"
+    exec exec_as_user "$KAFKA_DAEMON_USER" "${START_COMMAND[@]}"
 else
     exec "${START_COMMAND[@]}"
 fi