Merge pull request #11 from redhatrises/update_dockerfile

Update Falcon Sensor Dockerfile

Dockerfile

@@ -6,64 +6,58 @@
 FROM registry.access.redhat.com/ubi8/ubi:8.1
 USER root
 
+ARG container_version
+
+# BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')
+ARG BUILD_DATE
+
+# VCS_REF=$(git rev-parse --short HEAD)
+ARG VCS_REF
+
+ARG FALCON_RPM
+
 #
 # Friendly reminder that generated container images are from an open source
 # project, and not a formal CrowdStrike product.
 #
-LABEL maintainer="https://github.com/CrowdStrike/dockerfiles/"
-
-#
-# Apply updates to base image.
-#
-RUN yum -y update --disablerepo=* --enablerepo=ubi-8-appstream --enablerepo=ubi-8-baseos && yum -y clean all && rm -rf /var/cache/yum
+LABEL maintainer="https://github.com/CrowdStrike/dockerfiles/" \
+      org.label-schema.build-date=$BUILD_DATE \
+      org.label-schema.schema-version="1.0" \
+      org.label-schema.description="CrowdStrike's Containerized Falcon Linux Sensor" \
+      org.label-schema.vendor="https://github.com/CrowdStrike/dockerfiles/" \
+      org.label-schema.url="https://github.com/CrowdStrike/dockerfiles/" \
+      org.label-schema.vcs-url="https://github.com/CrowdStrike/dockerfiles/" \
+      org.label-schema.vcs-ref=$VCS_REF \
+      org.label-schema.docker.cmd="docker run -d --privileged -v /var/log:/var/log \
+                                   --mount type=bind,source=/var/run/docker.sock,destination=/var/run/docker.sock \
+                                   --net=host --pid=host --uts=host --ipc=host \
+                                   falcon-sensor" \
+      org.label-schema.container_version=$container_version \
+      io.openshift.tags="crowdstrike,falcon" \
+      io.k8s.description="CrowdStrike's Containerized Falcon Linux Sensor"
+#      io.openshift.min-memory       8Gi
+#      io.openshift.min-cpu          4
 
 #
-# Copy Falcon Agent RPM into container & install it, then remove the RPM
+# 1. Apply updates to base image and install dependencies
+# 2. Copy Falcon Agent RPM into container & install it, then remove the RPM
 #
-# TO DO: For now this script copies the full RPM and renames to /tmp/falcon-agent.rpm. This should be
-#        changed to a parameter at some point.
-#
-COPY ./falcon-sensor-6.14.0-11150.el8.x86_64.rpm /tmp/falcon-agent.rpm
-RUN yum -y install --disablerepo=* --enablerepo=ubi-8-appstream --enablerepo=ubi-8-baseos libnl3 net-tools zip openssl hostname iproute /tmp/falcon-agent.rpm && yum -y clean all && rm -rf /var/cache/yum && rm /tmp/falcon-agent.rpm
+COPY ./$FALCON_RPM /tmp/falcon-sensor.rpm
+RUN yum -y update && \
+    yum -y install --disablerepo=* \
+    --enablerepo=ubi-8-appstream \
+    --enablerepo=ubi-8-baseos \
+    libnl3 net-tools zip openssl hostname iproute /tmp/falcon-sensor.rpm && \
+    yum -y clean all && rm -rf /var/cache/yum && \
+    rm -f /tmp/falcon-sensor.rpm
 
 #
 # Copy the entrypoint script into the container and make sure
 # that its executable. Add the symlink for backwards compatability
 #
 COPY entrypoint.sh /usr/local/bin/
-RUN chmod +x /usr/local/bin/entrypoint.sh
 RUN ln -s /usr/local/bin/entrypoint.sh /
 
-
-ARG container_version
-
-# BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')
-ARG BUILD_DATE
-
-# VCS_REF=$(git rev-parse --short HEAD)
-ARG VCS_REF
-
-# Standard Dockerfile Tags
-LABEL org.label-schema.build-date       $BUILD_DATE
-LABEL org.label-schema.schema-version   "1.0"
-LABEL org.label-schema.description      "CrowdStrike's Containerized Falcon Linux Sensor"
-LABEL org.label-schema.vendor           "https://github.com/CrowdStrike/dockerfiles/"
-LABEL org.label-schema.url              "https://github.com/CrowdStrike/dockerfiles/"
-LABEL org.label-schema.vcs-url          "https://github.com/CrowdStrike/dockerfiles/"
-LABEL org.label-schema.vcs-ref          $VCS_REF
-LABEL org.label-schema.docker.cmd \
-    "docker run -d --privileged -v /var/log:/var/log \
-    --mount type=bind,source=/var/run/docker.sock,destination=/var/run/docker.sock \
-    --net=host --pid=host --uts=host --ipc=host \
-    falcon-sensor"
-LABEL org.label-schema.container_version $container_version
-
-# OpenShift-specific Tags
-LABEL io.openshift.tags             crowdstrike,falcon
-LABEL io.k8s.description            "CrowdStrike's Containerized Falcon Linux Sensor"
-#LABEL io.openshift.min-memory       8Gi
-#LABEL io.openshift.min-cpu          4
-
 ENV PATH ".:/bin:/usr/bin:/sbin:/usr/sbin"
 WORKDIR /opt/CrowdStrike
 

README.md

@@ -2,29 +2,19 @@
 This project helps build the scaffolding for customers to containerize their falcon sensor.
 
 ## Pre-Launch Checklist
-* Install `docker` if not already present on the build host. In theory 
-[podman](https://developers.redhat.com/blog/2019/02/21/podman-and-buildah-for-docker-users/) should be
-a drop-in replacement for development on Linux hosts, but has not yet been tested.
+* Install `docker` or `podman` if not already present on the build host. The following instructions use `docker` commands, but `podman` commands [work just fine as well](https://developers.redhat.com/blog/2019/02/21/podman-and-buildah-for-docker-users/).
 
 * Your CrowdStrike Customer ID (CID) is required to ensure the container associates itself with your account upon launch. Your CID can be found at [https://falcon.crowdstrike.com/hosts/sensor-downloads](https://falcon.crowdstrike.com/hosts/sensor-downloads).
 
-* Update entrypoint.sh with your CID, e.g.:
+* Update entrypoint.sh with your CID if you wish to hard-code your CID, e.g.:
   ```console
   CLOUDSIM_CID="YOURCID"
   ```
 
-  This could be replaced with a sed one-liner such as ``sed -i 's/YOURCID/xyz/r' entrypoint.sh``. Try not to commit your CID to your Git repo! 
-
-* Download the RHEL/CentOS/Oracle 8 sensor from [https://falcon.crowdstrike.com/hosts/sensor-downloads](https://falcon.crowdstrike.com/hosts/sensor-downloads) and place into this directory. The ``Dockerfile`` references this file and copies it into the container during ``docker build``:
-
-  ```shell
-  COPY ./falcon-sensor-5.33.0-9808.el8.x86_64.rpm /tmp/falcon-agent.rpm
-
-  RUN yum -y install --disablerepo=* --enablerepo=ubi-8-appstream --enablerepo=ubi-8-baseos /tmp/falcon-agent.rpm && yum -y clean all && rm -rf /var/cache/yum && rm /tmp/falcon-agent.rpm 
-  ```
-
-  At some point we'll parameterize the RPM name.
+  This could be replaced with a sed one-liner such as ``sed -i 's/YOURCID/xyz/r' entrypoint.sh``. Try not to commit your CID to your Git repo!
+  Alternatively, using `-e FALCONCTL_OPT_CID=<<YOUR CID>>` when running the container detached (when the `-d` argument is used. See below) is easier rather than hard-coding your CID and creating a new container image.
 
+* Download the RHEL/CentOS/Oracle 8 sensor from [https://falcon.crowdstrike.com/hosts/sensor-downloads](https://falcon.crowdstrike.com/hosts/sensor-downloads) and place into this directory. The ``Dockerfile`` references this file and copies it into the container during ``docker build`` through the build argument `FALCON_RPM`.
 
 ## Build
 Build the container using the [included Dockerfile](https://github.com/CrowdStrike/dockerfiles/blob/master/Dockerfile) through a command such as:
@@ -33,6 +23,7 @@ Build the container using the [included Dockerfile](https://github.com/CrowdStri
 $ docker build --no-cache=true \
 --build-arg BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') \
 --build-arg VCS_REF=$(git rev-parse --short HEAD) \
+--build-arg FALCON_RPM=falcon-sensor-5.33.0-9808.el8.x86_64.rpm
 -t falcon-sensor:latest .
 ```
 
@@ -92,7 +83,7 @@ $ CONTAINER_ID=$(docker run -d \
 -v /var/log:/var/log falcon-sensor)
 ```
 
-Replace ``<<your CID>>`` with your CrowdStrike Customer ID (CID). This can be found at [https://falcon.crowdstrike.com/hosts/sensor-downloads](https://falcon.crowdstrike.com/hosts/sensor-downloads). 
+Replace ``<<your CID>>`` with your CrowdStrike Customer ID (CID). This can be found at [https://falcon.crowdstrike.com/hosts/sensor-downloads](https://falcon.crowdstrike.com/hosts/sensor-downloads).
 
 ### Running `falconctl`
 `falconctl` can be invoked inside a running sensor container with `docker exec`:
@@ -124,4 +115,4 @@ $ docker push yourDockerHubAccount/yourPrivateRepo
 ```
 
 ## Many Thanks
-Thank you to [Dinesh Subhraveti](https://www.linkedin.com/in/subhraveti/) whose initial code inspired this repo!
+Thank you to [Dinesh Subhraveti](https://www.linkedin.com/in/subhraveti/) whose initial code inspired this repo!