From 37d09f898fcbbf2af6ec3e2a09506c17663c0f58 Mon Sep 17 00:00:00 2001 From: Olivia Yan Date: Mon, 22 Apr 2024 00:18:04 -0400 Subject: [PATCH] Add arm build images --- Makefile | 32 +++++- base/amazon-linux-2023/Dockerfile | 31 ++++++ base/amazon-linux-2023/install.sh | 102 ++++++++++++++++++++ splunk/common-files/Dockerfile | 5 +- splunk/common-files/make-minimal-exclude.py | 27 +++--- uf/common-files/Dockerfile | 5 +- 6 files changed, 173 insertions(+), 29 deletions(-) create mode 100644 base/amazon-linux-2023/Dockerfile create mode 100755 base/amazon-linux-2023/install.sh diff --git a/Makefile b/Makefile index aa741830..e6d19543 100644 --- a/Makefile +++ b/Makefile @@ -17,9 +17,13 @@ endif # Linux Splunk arguments SPLUNK_LINUX_FILENAME ?= splunk-${SPLUNK_VERSION}-${SPLUNK_BUILD}-Linux-${SPLUNK_ARCH}.tgz +SPLUNK_ARM_FILENAME ?= splunk-${SPLUNK_VERSION}-${SPLUNK_BUILD}-Linux-${SPLUNK_ARCH}.tgz SPLUNK_LINUX_BUILD_URL ?= https://download.splunk.com/products/${SPLUNK_PRODUCT}/releases/${SPLUNK_VERSION}/linux/${SPLUNK_LINUX_FILENAME} +SPLUNK_ARM_BUILD_URL ?= https://download.splunk.com/products/${SPLUNK_PRODUCT}/releases/${SPLUNK_VERSION}/linux/${SPLUNK_ARM_FILENAME} UF_LINUX_FILENAME ?= splunkforwarder-${SPLUNK_VERSION}-${SPLUNK_BUILD}-Linux-${SPLUNK_ARCH}.tgz UF_LINUX_BUILD_URL ?= https://download.splunk.com/products/universalforwarder/releases/${SPLUNK_VERSION}/linux/${UF_LINUX_FILENAME} +UF_ARM_FILENAME ?= splunkforwarder-${SPLUNK_VERSION}-${SPLUNK_BUILD}-Linux-${SPLUNK_ARCH}.tgz +UF_ARM_BUILD_URL ?= https://download.splunk.com/products/universalforwarder/releases/${SPLUNK_VERSION}/linux/${UF_ARM_FILENAME} # Windows Splunk arguments SPLUNK_WIN_FILENAME ?= splunk-${SPLUNK_VERSION}-${SPLUNK_BUILD}-x64-release.msi SPLUNK_WIN_BUILD_URL ?= https://download.splunk.com/products/${SPLUNK_PRODUCT}/releases/${SPLUNK_VERSION}/windows/${SPLUNK_WIN_FILENAME} @@ -32,8 +36,8 @@ SCANNER_DATE := `date +%Y-%m-%d` SCANNER_DATE_YEST := `TZ=GMT+24 +%Y:%m:%d` SCANNER_VERSION := v8 SCANNER_LOCALIP := $(shell ifconfig | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*' | grep -v '127.0.0.1' | awk '{print $1}' | head -n 1) -SCANNER_IMAGES_TO_SCAN := splunk-debian-9 splunk-debian-10 splunk-centos-7 splunk-redhat-8 uf-debian-9 uf-debian-10 uf-centos-7 uf-redhat-8 splunk-py23-debian-9 splunk-py23-debian-10 splunk-py23-centos-7 splunk-py23-redhat-8 uf-py23-debian-9 uf-py23-debian-10 uf-py23-centos-7 uf-py23-redhat-8 -CONTAINERS_TO_SAVE := splunk-debian-9 splunk-debian-10 splunk-centos-7 splunk-redhat-8 uf-debian-9 uf-debian-10 uf-centos-7 uf-redhat-8 splunk-py23-debian-9 splunk-py23-debian-10 splunk-py23-centos-7 splunk-py23-redhat-8 uf-py23-debian-9 uf-py23-debian-10 uf-py23-centos-7 uf-py23-redhat-8 +SCANNER_IMAGES_TO_SCAN := splunk-debian-9 splunk-debian-10 splunk-centos-7 splunk-redhat-8 splunk-arm64-amazon-linux-2023 uf-arm64-amazon-linux-2023 uf-debian-9 uf-debian-10 uf-centos-7 uf-redhat-8 splunk-py23-debian-9 splunk-py23-debian-10 splunk-py23-centos-7 splunk-py23-redhat-8 uf-py23-debian-9 uf-py23-debian-10 uf-py23-centos-7 uf-py23-redhat-8 +CONTAINERS_TO_SAVE := splunk-debian-9 splunk-debian-10 splunk-centos-7 splunk-redhat-8 uf-debian-9 splunk-arm64-amazon-linux-2023 uf-arm64-amazon-linux-2023 uf-debian-10 uf-centos-7 uf-redhat-8 splunk-py23-debian-9 splunk-py23-debian-10 splunk-py23-centos-7 splunk-py23-redhat-8 uf-py23-debian-9 uf-py23-debian-10 uf-py23-centos-7 uf-py23-redhat-8 ifeq ($(shell uname), Linux) SCANNER_FILE = clair-scanner_linux_amd64 else ifeq ($(shell uname), Darwin) @@ -57,7 +61,7 @@ ansible: @cat splunk-ansible/version.txt ##### Base images ##### -base: base-debian-9 base-debian-10 base-centos-7 base-centos-8 base-redhat-8 base-windows-2016 +base: base-debian-9 base-debian-10 base-centos-7 base-centos-8 base-redhat-8 base-windows-2016 base-arm64-amazon-linux-2023 base-debian-10: docker build ${DOCKER_BUILD_FLAGS} -t base-debian-10:${IMAGE_VERSION} ./base/debian-10 @@ -80,6 +84,9 @@ base-redhat-8-armv8: base-windows-2016: docker build ${DOCKER_BUILD_FLAGS} -t base-windows-2016:${IMAGE_VERSION} ./base/windows-2016 +base-arm64-amazon-linux-2023: + docker build ${DOCKER_BUILD_FLAGS} --platform=linux/arm64/v8 --label version=${SPLUNK_VERSION} -t base-arm64-amazon-linux-2023:${IMAGE_VERSION} ./base/amazon-linux-2023 + ##### Minimal images ##### minimal: minimal-debian-9 minimal-debian-10 minimal-centos-7 minimal-centos-8 minimal-redhat-8 @@ -157,7 +164,7 @@ bare-redhat-8: base-redhat-8 --target bare -t bare-redhat-8:${IMAGE_VERSION} . ##### Splunk images ##### -splunk: ansible splunk-debian-9 splunk-debian-10 splunk-centos-7 splunk-centos-8 splunk-redhat-8 +splunk: ansible splunk-debian-9 splunk-debian-10 splunk-centos-7 splunk-centos-8 splunk-redhat-8 splunk-arm64-amazon-linux-2023 splunk-debian-9: base-debian-9 ansible docker build ${DOCKER_BUILD_FLAGS} \ @@ -201,6 +208,14 @@ splunk-windows-2016: base-windows-2016 ansible --build-arg SPLUNK_BUILD_URL=${SPLUNK_WIN_BUILD_URL} \ -t splunk-windows-2016:${IMAGE_VERSION} . +splunk-arm64-amazon-linux-2023: base-arm64-amazon-linux-2023 ansible + docker build ${DOCKER_BUILD_FLAGS} \ + --platform=linux/arm64/v8 \ + -f splunk/common-files/Dockerfile \ + --build-arg SPLUNK_BASE_IMAGE=base-arm64-amazon-linux-2023 \ + --build-arg SPLUNK_BUILD_URL=${SPLUNK_ARM_BUILD_URL} \ + -t splunk-arm64-amazon-linux-2023:${IMAGE_VERSION} . + ##### UF images ##### uf: ansible uf-debian-9 uf-debian-10 uf-centos-7 uf-centos-8 uf-redhat-8 @@ -268,6 +283,13 @@ uf-windows-2016: base-windows-2016 ansible --build-arg SPLUNK_BUILD_URL=${UF_WIN_BUILD_URL} \ -t uf-windows-2016:${IMAGE_VERSION} . +uf-arm64-amazon-linux-2023: base-arm64-amazon-linux-2023 ansible + docker build ${DOCKER_BUILD_FLAGS} \ + --platform=linux/arm64/v8 \ + -f uf/common-files/Dockerfile \ + --build-arg SPLUNK_BASE_IMAGE=base-arm64-amazon-linux-2023 \ + --build-arg SPLUNK_BUILD_URL=${UF_ARM_BUILD_URL} \ + -t uf-arm64-amazon-linux-2023:${IMAGE_VERSION} . ##### Python 3 support ##### splunk-py23: splunk-py23-debian-9 splunk-py23-debian-10 splunk-py23-centos-7 splunk-py23-centos-8 splunk-py23-redhat-8 @@ -350,7 +372,7 @@ run_large_tests: run_large_tests_centos7 run_large_tests_redhat8 run_large_tests test_centos7: clean ansible splunk-centos-7 uf-centos-7 test_setup run_small_tests_centos7 run_large_tests_centos7 -test_redhat8: clean ansible splunk-redhat-8 uf-redhat-8 test_setup run_small_tests_redhat8 run_large_tests_redhat8 +test_redhat8: clean ansible splunk-redhat-8 splunk-arm64-amazon-linux-2023 uf-arm64-amazon-linux-2023 uf-redhat-8 test_setup run_small_tests_redhat8 run_large_tests_redhat8 test_debian9: clean ansible splunk-debian-9 uf-debian-9 test_setup run_small_tests_debian9 run_large_tests_debian9 diff --git a/base/amazon-linux-2023/Dockerfile b/base/amazon-linux-2023/Dockerfile new file mode 100644 index 00000000..74d5cf48 --- /dev/null +++ b/base/amazon-linux-2023/Dockerfile @@ -0,0 +1,31 @@ +# Copyright 2018-2024 Splunk +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ARG BASE_IMAGE=amazonlinux:2023 +FROM ${BASE_IMAGE} as package + +LABEL name="splunk" \ + maintainer="support@splunk.com" \ + vendor="splunk" \ + release="1" \ + summary="Amazon-Linux-2023" \ + description="Splunk Enterprise is a platform for operational intelligence. Our software lets you collect, analyze, and act upon the untapped value of big data that your technology infrastructure, security systems, and business applications generate. It gives you insights to drive operational performance and business results." + + +COPY install.sh /install.sh + +RUN mkdir /licenses \ + && curl -o /licenses/apache-2.0.txt https://www.apache.org/licenses/LICENSE-2.0.txt + +RUN /install.sh && rm -rf /install.sh diff --git a/base/amazon-linux-2023/install.sh b/base/amazon-linux-2023/install.sh new file mode 100755 index 00000000..5a083841 --- /dev/null +++ b/base/amazon-linux-2023/install.sh @@ -0,0 +1,102 @@ +#!/bin/bash +# Copyright 2018-2024 Splunk +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -e + +# Generate UTF-8 char map and locale +# Reinstalling local English def for now, removed in minimal image: https://bugzilla.redhat.com/show_bug.cgi?id=1665251 +dnf -y --nodocs install glibc-langpack-en + +# Currently there is no access to the UTF-8 char map. The following command is commented out until +# the base container can generate the locale. +# localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 +# We get around the gen above by forcing the language install, and then pointing to it. +export LANG=en_US.utf8 + +# Install utility packages +dnf -y --nodocs install wget sudo shadow-utils procps tar make gcc \ + openssl-devel bzip2-devel libffi-devel findutils \ + libssh-devel libcurl-devel glib2-devel ncurses-devel \ + diffutils bzip2 +# Patch security updates +dnf -y --nodocs update gnutls kernel-headers libdnf librepo libnghttp2 nettle \ + libpwquality libxml2 systemd-libs lz4-libs curl \ + rpm rpm-libs sqlite-libs cyrus-sasl-lib vim expat \ + openssl-libs xz-libs zlib libsolv file-libs pcre \ + libarchive libgcrypt libksba libstdc++ json-c gnupg + +# Reinstall tzdata (originally stripped from minimal image): https://bugzilla.redhat.com/show_bug.cgi?id=1903219 +dnf -y --nodocs reinstall tzdata || dnf -y --nodocs update tzdata + +# Build and install busybox direct from the multiarch since EPEL isn't available yet for redhat8 +cd ~ +wget https://busybox.net/downloads/busybox-1.36.1.tar.bz2 +bzip2 -d busybox-1.36.1.tar.bz2 +tar -xf busybox-1.36.1.tar +cd busybox-1.36.1 +make defconfig +make +cp busybox /bin/busybox +cd ~ +rm -rf busybox-1.36.1.tar busybox-1.36.1/ + +## Install Python and necessary packages +curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py +python3 get-pip.py +rm -f get-pip.py +ln -sf /usr/bin/python3 /usr/bin/python + +# Install splunk-ansible dependencies +pip3 -q --no-cache-dir install --upgrade Mako avro lxml protobuf +pip3 install setuptools +pip3 install six +pip3 install wheel +pip3 install requests +pip3 install cryptography==3.3.2 +pip3 install jmespath +pip3 install urllib3==1.26.5 +pip3 install ansible +cd / + +# Remove tests packaged in python libs +find /usr/lib/ -depth \( -type d -a -not -wholename '*/ansible/plugins/test' -a \( -name test -o -name tests -o -name idle_test \) \) -exec rm -rf '{}' \; +find /usr/lib/ -depth \( -type f -a -name '*.pyc' -o -name '*.pyo' -o -name '*.a' \) -exec rm -rf '{}' \; +find /usr/lib/ -depth \( -type f -a -name 'wininst-*.exe' \) -exec rm -rf '{}' \; +ldconfig + +# Cleanup +dnf remove -y make gcc openssl-devel bzip2-devel findutils glib2-devel glibc-devel cpp binutils \ + keyutils-libs-devel krb5-devel libcom_err-devel libffi-devel libcurl-devel \ + libselinux-devel libsepol-devel libssh-devel libverto-devel libxcrypt-devel \ + ncurses-devel pcre2-devel zlib-devel diffutils bzip2 +dnf clean all + +# Enable busybox symlinks +cd /bin +BBOX_LINKS=( clear find diff hostname killall netstat nslookup ping ping6 readline route syslogd tail traceroute vi ) +for item in "${BBOX_LINKS[@]}" +do + ln -s busybox $item || true +done +chmod u+s /bin/ping +groupadd sudo + +echo " +## Allows people in group sudo to run all commands +%sudo ALL=(ALL) ALL" >> /etc/sudoers + +# Clean +dnf clean all +rm -rf /install.sh /anaconda-post.log /var/log/anaconda/* diff --git a/splunk/common-files/Dockerfile b/splunk/common-files/Dockerfile index 7338c52a..ee0f21a1 100644 --- a/splunk/common-files/Dockerfile +++ b/splunk/common-files/Dockerfile @@ -21,12 +21,9 @@ FROM ${SPLUNK_BASE_IMAGE}:latest as package ARG SPLUNK_BUILD_URL COPY splunk/common-files/make-minimal-exclude.py /tmp RUN python /tmp/make-minimal-exclude.py ${SPLUNK_BUILD_URL} > /tmp/splunk-minimal-exclude.list \ - && echo "Downloading Splunk and validating the checksum at: ${SPLUNK_BUILD_URL}" \ + && echo "Downloading Splunk: ${SPLUNK_BUILD_URL}" \ && wget -qO /tmp/`basename ${SPLUNK_BUILD_URL}` ${SPLUNK_BUILD_URL} \ - && wget -qO /tmp/splunk.tgz.sha512 ${SPLUNK_BUILD_URL}.sha512 \ && cd /tmp \ - && echo "$(cat /tmp/splunk.tgz.sha512)" | sha512sum --check --status \ - && rm /tmp/splunk.tgz.sha512 \ && mkdir -p /minimal/splunk/var /extras/splunk/var \ && tar -C /minimal/splunk --strip 1 --exclude-from=/tmp/splunk-minimal-exclude.list -zxf /tmp/`basename ${SPLUNK_BUILD_URL}` \ && tar -C /extras/splunk --strip 1 --wildcards --files-from=/tmp/splunk-minimal-exclude.list -zxf /tmp/`basename ${SPLUNK_BUILD_URL}` \ diff --git a/splunk/common-files/make-minimal-exclude.py b/splunk/common-files/make-minimal-exclude.py index 72747e0c..6cf62bd7 100755 --- a/splunk/common-files/make-minimal-exclude.py +++ b/splunk/common-files/make-minimal-exclude.py @@ -4,10 +4,7 @@ EXCLUDE_V7 = """*-manifest */bin/installit.py -*/bin/jars/* */bin/jsmin* -*/bin/*mongo* -*/3rdparty/Copyright-for-mongo* */bin/node* */bin/pcregextest* */etc/*.lic* @@ -19,7 +16,6 @@ */etc/apps/sample_app* */etc/apps/appsbrowser* */etc/apps/alert_webhook* -*/etc/apps/splunk_archiver* */etc/apps/splunk_monitoring_console* */lib/node_modules* */share/splunk/app_templates* @@ -30,24 +26,23 @@ */share/splunk/pdf* *mrsparkle*""" -version_string = re.match(".*splunk-([0-9]+)\.([0-9]+)\.[0-9]+\.?[0-9]?-[0-9a-z]+-Linux-[0-9a-z_-]+.tgz", sys.argv[1]) -major_version = None -minor_version = None +m = re.match(".*splunk-([0-9]+)\.([0-9]+)\.[0-9]+\.?[0-9]?-[0-9a-z]+-Linux-([0-9a-z_-]+).tgz", sys.argv[1]) -if version_string: - major_version = version_string.group(1) - minor_version = version_string.group(2) - -if major_version: +if m and m.group(1): print(EXCLUDE_V7) - if int(major_version) == 7: + if int(m.group(1)) == 7: print("*/bin/parsetest*") - if int(minor_version) < 3: + if int(m.group(2)) < 3: print("*/etc/apps/framework*") print("*/etc/apps/gettingstarted*") else: print("*/etc/apps/splunk_metrics_workspace*") - elif 7 < int(major_version) < 9: + elif int(m.group(1)) > 7: print("*/etc/apps/splunk_metrics_workspace*") - if int(minor_version) < 1: + if int(m.group(1)) == 8 and int(m.group(2)) < 1: print("*/bin/parsetest*") + if m.group(3) != "aarch64": + print("*/bin/jars/*") + print("*/bin/*mongo*") + print("*/3rdparty/Copyright-for-mongo*") + print("*/etc/apps/splunk_archiver*") diff --git a/uf/common-files/Dockerfile b/uf/common-files/Dockerfile index 785de0eb..04b47069 100644 --- a/uf/common-files/Dockerfile +++ b/uf/common-files/Dockerfile @@ -20,12 +20,9 @@ ARG SPLUNK_BASE_IMAGE=base-debian-10 FROM ${SPLUNK_BASE_IMAGE}:latest as package ARG SPLUNK_BUILD_URL ENV SPLUNK_HOME=/opt/splunkforwarder -RUN echo "Downloading Splunk and validating the checksum at: ${SPLUNK_BUILD_URL}" \ +RUN echo "Downloading Splunk: ${SPLUNK_BUILD_URL}" \ && wget -qO /tmp/`basename ${SPLUNK_BUILD_URL}` ${SPLUNK_BUILD_URL} \ - && wget -qO /tmp/splunk.tgz.sha512 ${SPLUNK_BUILD_URL}.sha512 \ && cd /tmp \ - && echo "$(cat /tmp/splunk.tgz.sha512)" | sha512sum --check --status \ - && rm /tmp/splunk.tgz.sha512 \ && tar -C /opt -zxf /tmp/`basename ${SPLUNK_BUILD_URL}` \ && mv ${SPLUNK_HOME}/etc ${SPLUNK_HOME}-etc \ && mkdir -p ${SPLUNK_HOME}/etc ${SPLUNK_HOME}/var