Dockerfile.satellite

FROM centos:centos7 as builder

ENV LINSTOR_VERSION 1.11.1
ARG ARCH=amd64

ENV LINSTOR_TGZNAME linstor-server
ENV LINSTOR_TGZ ${LINSTOR_TGZNAME}-${LINSTOR_VERSION}.tar.gz

USER root
RUN yum -y update-minimal --security --sec-severity=Important --sec-severity=Critical
RUN case $ARCH in \
	amd64) cp /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 /etc/pki/rpm-gpg/tools-key ;;\
	s390x) cp /etc/pki/rpm-gpg/RPM-GPG-KEY-ClefOS-7 /etc/pki/rpm-gpg/tools-key ;;\
	*) echo "unsupported ARCH: $ARCH"; exit 1 ;;\
	esac

RUN groupadd makepkg # !lbbuild
RUN useradd -m -g makepkg makepkg # !lbbuild

RUN yum install -y sudo # !lbbuild
RUN usermod -a -G wheel makepkg # !lbbuild

RUN yum install -y rpm-build wget unzip which make git java-1.8.0-openjdk-devel && yum clean all -y # !lbbuild
RUN rpm -e --nodeps fakesystemd && yum install -y systemd && yum clean all -y || true # !lbbuild

RUN mkdir -p /tmp/linstor-$LINSTOR_VERSION
# one can not comment COPY
RUN cd /tmp && wget https://www.linbit.com/downloads/linstor/$LINSTOR_TGZ # !lbbuild
# =lbbuild COPY /${LINSTOR_TGZ} /tmp/

# =lbbuild COPY /pkgcache/* /tmp/pkgcache/

# link gradle to gradle-wrapper
RUN ln -s /home/makepkg/${LINSTOR_TGZNAME}-${LINSTOR_VERSION}/gradlew /usr/local/bin/gradle # !lbbuild

USER makepkg

RUN cd ${HOME} && \
  cp /tmp/${LINSTOR_TGZ} ${HOME} && \
  mkdir -p ${HOME}/rpmbuild/SOURCES && \
  mkdir -p ${HOME}/rpmbuild/RPMS/noarch && \
  cp /tmp/${LINSTOR_TGZ} ${HOME}/rpmbuild/SOURCES && \
  tar xvf ${LINSTOR_TGZ}

RUN cd ${HOME}/${LINSTOR_TGZNAME}-${LINSTOR_VERSION} && ./gradlew wrapper -PversionOverride= # !lbbuild

RUN cd ${HOME}/${LINSTOR_TGZNAME}-${LINSTOR_VERSION} && \
  ( cp /tmp/pkgcache/linstor-common*.rpm    ${HOME}/rpmbuild/RPMS/noarch/ && \
    cp /tmp/pkgcache/linstor-satellite*.rpm ${HOME}/rpmbuild/RPMS/noarch/    \
  ) || rpmbuild -bb --define "debug_package %{nil}"  linstor.spec


FROM quay.io/linbit/drbd-utils
# this is/needs to be based on registry.access.redhat.com/ubi7/ubi

ENV LINSTOR_VERSION 1.11.1
ARG release=1
ARG ARCH=amd64

LABEL name="linstor-satellite" \
      vendor="LINBIT" \
      version="$LINSTOR_VERSION" \
      release="$release" \
      summary="LINSTOR's satellite component" \
      description="LINSTOR's satellite component"

COPY COPYING /licenses/gpl-3.0.txt

COPY --from=builder /home/makepkg/rpmbuild/RPMS/noarch/*.rpm /tmp/
RUN yum -y update-minimal --security --sec-severity=Important --sec-severity=Critical && \
  yum install -y which lvm2 util-linux socat && yum install -y /tmp/linstor-common*.rpm /tmp/linstor-satellite*.rpm && yum clean all -y

# repo for additional tools not in UBI (cryptsetup,...)
COPY --from=builder /etc/pki/rpm-gpg/tools-key /etc/pki/rpm-gpg/
COPY scripts/centos_clefos_tools.sh /tmp/
RUN /tmp/centos_clefos_tools.sh "$ARCH"

# linbit public repo for thin-send-recv
RUN curl https://packages.linbit.com/package-signing-pubkey.asc > /etc/pki/rpm-gpg/package-signing-pubkey.asc
RUN { \
	echo '[linbit-public]' ;\
	echo 'name=LINBIT Public Packages for - $basearch;' ;\
	echo 'baseurl=https://packages.linbit.com/public/yum/rhel7/misc/$basearch/' ;\
	echo 'enabled=1' ;\
	echo 'gpgkey=file:///etc/pki/rpm-gpg/package-signing-pubkey.asc' ;\
	echo 'gpgcheck=1' ;\
} >/etc/yum.repos.d/linbit-public.repo

# currently no thin-send-recv/snapshotshipping on !amd64.
# we will build that for s390x soon, then we can rm the conditional
RUN yum install -y cryptsetup nvme-cli epel-release && \
	yum install -y zstd && \
	if [ "$ARCH" = amd64 ]; then yum install -y thin-send-recv; fi && \
	yum clean all -y

RUN sed -i 's/udev_rules.*=.*/udev_rules=0/' /etc/lvm/lvm.conf
RUN sed -i '/^devices {/a global_filter = [ "r|^/dev/drbd|" ]' /etc/lvm/lvm.conf

EXPOSE 3366/tcp 3367/tcp

COPY scripts/entry.sh /

CMD ["startSatellite"]
ENTRYPOINT ["/entry.sh"]