NMS-15788: switch Horizon 33 to UBI

.circleci/main/workflows/workflows_v2.json

@@ -393,8 +393,7 @@
                 "docker-publish-account"
             ],
             "variations": [
-                "linux/arm64",
-                "linux/arm/v7"
+                "linux/arm64"
             ],
             "requires": [
                 "smoke-test-core",
@@ -435,8 +434,7 @@
                 "docker-publish-account"
             ],
             "variations": [
-                "linux/arm64",
-                "linux/arm/v7"
+                "linux/arm64"
             ],
             "requires": [
                 "smoke-test-core",
@@ -464,8 +462,7 @@
                 "docker-publish-account"
             ],
             "variations": [
-                "linux/arm64",
-                "linux/arm/v7"
+                "linux/arm64"
             ],
             "requires": [
                 "smoke-test-core",

.circleci/scripts/lib-docker.sh

@@ -62,7 +62,6 @@ create_and_push_manifest() {
   docker manifest create "${TARGET_REF}" \
     "${IMAGE_REF}-linux-amd64" \
     "${IMAGE_REF}-linux-arm64" \
-    "${IMAGE_REF}-linux-arm-v7" \
     --amend
 
   DOCKER_IMAGE_SHA_256="$(docker manifest push "${TARGET_REF}" --purge | cut -d ':' -f 2)"

opennms-container/common.mk

@@ -12,7 +12,7 @@ endif
 VERSION                 := $(shell ../../.circleci/scripts/pom2version.sh ../../pom.xml)
 SHELL                   := /bin/bash -o nounset -o pipefail -o errexit
 BUILD_DATE              := $(shell date -u +"%Y-%m-%dT%H:%M:%SZ")
-BASE_IMAGE              := opennms/deploy-base:ubuntu-3.0.1.b220-jre-17
+BASE_IMAGE              := opennms/deploy-base:ubi9-3.1.0.b228-jre-17
 DOCKER_CLI_EXPERIMENTAL := enabled
 DOCKER_REGISTRY         := docker.io
 DOCKER_ORG              := opennms

opennms-container/core/Dockerfile

@@ -1,7 +1,7 @@
 ##
-# Use Java base image and setup required RPMS as cacheable image.
+# Use Java base image and setup required RPMs as cacheable image.
 ##
-ARG BASE_IMAGE="opennms/deploy-base:ubuntu-3.0.1.b220-jre-17"
+ARG BASE_IMAGE="opennms/deploy-base:ubi9-3.1.0.b228-jre-17"
 
 FROM ${BASE_IMAGE} as core-tarball
 
@@ -33,34 +33,12 @@ RUN chmod +x /tmp/plugins.sh  && cd /tmp && ./plugins.sh && rm ./plugins.sh
 
 FROM ${BASE_IMAGE} as core-base
 
-ARG REQUIRED_DEBS="rrdtool jrrd2 r-base-core rsync libxml-twig-perl libwww-perl jq diffutils hostname sudo"
-
-ARG REPO_KEY_URL="https://debian.opennms.org/OPENNMS-GPG-KEY"
+ARG REQUIRED_RPMS="diffutils hostname jrrd2 jq rrdtool"
 
 SHELL ["/bin/bash", "-c"]
 
-# Prevent setup prompt
-ENV DEBIAN_FRONTEND=noninteractive
-
-# import keys
-RUN apt-get update && \
-    apt-get \
-        --no-install-recommends \
-        -yq \
-        install \
-            gnupg \
-            ca-certificates && \
-    curl -fsSL ${REPO_KEY_URL} | apt-key add && \
-    echo "deb https://debian.opennms.org stable main" > /etc/apt/sources.list.d/opennms.list && \
-    apt-get update && \
-    apt-get \
-        --no-install-recommends \
-        -yq \
-        install \
-            ${REQUIRED_DEBS} && \
-    apt-get -y autoclean && \
-    apt-get -y clean && \
-    rm -rf /var/cache/apt
+RUN microdnf -y install ${REQUIRED_RPMS} && \
+    rm -rf /var/cache/yum
 
 # Create OpenNMS user with a specific group ID
 RUN groupadd \

opennms-container/core/container-fs/health.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-if curl http://localhost:8980/opennms/rest/health/probe | grep --quiet "Everything is awesome"; then 
+if curl -sSF http://localhost:8980/opennms/rest/health/probe | grep --quiet "Everything is awesome"; then 
   exit 0;
 else
   exit 1;

opennms-container/core/plugins.sh

@@ -1,64 +1,66 @@
 #!/bin/bash
 
+set -euo pipefail
+IFS=$'\n\t'
+
 export ALEC_VERSION="latest"
 export CLOUD_VERSION="latest"
 export CORTEX_VERSION="latest"
 export VELOCLOUD_VERSION="latest"
 
 export DEPLOY_FOLDER="/opt/usr-plugins"
 
-mkdir $DEPLOY_FOLDER 
+mkdir -p "$DEPLOY_FOLDER"
 
-apt-get update
-apt-get install -y python3-pip wget curl jq
+microdnf -y install cpio python3-pip jq
 pip3 install --upgrade cloudsmith-cli 
 
 mkdir ~/test
 cd ~/test || exit
-artifact_urls=$(cloudsmith list packages --query="opennms-alec-plugin version:$ALEC_VERSION format:deb" opennms/common -F json  | jq -r '.data[].cdn_url')
+artifact_urls=$(cloudsmith list packages --query="opennms-alec-plugin version:$ALEC_VERSION format:rpm" opennms/common -F json  | jq -r '.data[].cdn_url')
 for url in $artifact_urls; do 
- wget "$url"
+ curl -sS -L -O "$url"
 done
-dpkg-deb -R *-alec-plugin_*_all.deb ./
-find . -name '*.kar' -exec mv {} $DEPLOY_FOLDER \;
+rpm2cpio *-alec-plugin*.rpm | cpio -id
+find . -name '*.kar' -exec mv '{}' "$DEPLOY_FOLDER" \;
 
 cd ~/ || exit
 rm -rf test
 mkdir ~/test
 cd ~/test || exit
 
-artifact_urls=$(cloudsmith list packages --query="opennms-plugin-cloud version:$CLOUD_VERSION format:deb" opennms/common -F json  | jq -r '.data[].cdn_url')
+artifact_urls=$(cloudsmith list packages --query="opennms-plugin-cloud version:$CLOUD_VERSION format:rpm" opennms/common -F json  | jq -r '.data[].cdn_url')
 for url in $artifact_urls; do
-    wget "$url"
+    curl -sS -L -O "$url"
 done
-dpkg-deb -R *-plugin-cloud_*_all.deb ./
-find . -name '*.kar' -exec mv {} $DEPLOY_FOLDER \;
+rpm2cpio *-plugin-cloud*.rpm | cpio -id
+find . -name '*.kar' -exec mv '{}' "$DEPLOY_FOLDER" \;
 
 cd ..
 rm -r test
 
-cd $DEPLOY_FOLDER || exit 
-if [ $CORTEX_VERSION == "latest" ]
+cd "$DEPLOY_FOLDER" || exit 
+if [ "$CORTEX_VERSION" == "latest" ]
 then
- artifact_urls=$(curl --silent https://api.github.com/repos/OpenNMS/opennms-cortex-tss-plugin/releases | jq -r '.[0].assets[0].browser_download_url')
+ artifact_urls=$(curl -sS https://api.github.com/repos/OpenNMS/opennms-cortex-tss-plugin/releases | jq -r '.[0].assets[0].browser_download_url')
 else
- artifact_urls=$(curl --silent https://api.github.com/repos/OpenNMS/opennms-cortex-tss-plugin/releases | jq -r '.[] | select(.tag_name=="$CORTEX_VERSION") | .assets[0].browser_download_url')
+ artifact_urls=$(curl -sS https://api.github.com/repos/OpenNMS/opennms-cortex-tss-plugin/releases | jq -r '.[] | select(.tag_name=="$CORTEX_VERSION") | .assets[0].browser_download_url')
 fi
 if [ -n "$artifact_urls" ]; then
  for url in $artifact_urls; do
-    wget "$url"
+    curl -sS -L -O "$url"
  done
 fi
 
-cd $DEPLOY_FOLDER || exit 
-if [ $VELOCLOUD_VERSION == "latest" ]
+cd "$DEPLOY_FOLDER" || exit 
+if [ "$VELOCLOUD_VERSION" == "latest" ]
 then
- artifact_urls=$(curl --silent https://api.github.com/repos/OpenNMS/opennms-velocloud-plugin/releases | jq -r '.[0].assets[0].browser_download_url')
+ artifact_urls=$(curl -sS https://api.github.com/repos/OpenNMS/opennms-velocloud-plugin/releases | jq -r '.[0].assets[0].browser_download_url')
 else
- artifact_urls=$(curl --silent https://api.github.com/repos/OpenNMS/opennms-velocloud-plugin/releases | jq -r '.[] | select(.tag_name=="$VELOCLOUD_VERSION") | .assets[0].browser_download_url')
+ artifact_urls=$(curl -sS https://api.github.com/repos/OpenNMS/opennms-velocloud-plugin/releases | jq -r '.[] | select(.tag_name=="$VELOCLOUD_VERSION") | .assets[0].browser_download_url')
 fi
 if [ -n "$artifact_urls"  ]; then
  for url in $artifact_urls; do
-    wget "$url"
+    curl -sS -L -O "$url"
  done
 fi

opennms-container/minion/Dockerfile

@@ -4,7 +4,7 @@
 # To avoid issues, we rearrange the directories in pre-stage to avoid injecting these
 # as additional layers into the final image.
 ##
-ARG BASE_IMAGE="opennms/deploy-base:ubuntu-3.0.1.b220-jre-17"
+ARG BASE_IMAGE="opennms/deploy-base:ubi9-3.1.0.b228-jre-17"
 
 FROM ${BASE_IMAGE} as minion-base
 
@@ -37,26 +37,13 @@ RUN chmod +x /tmp/plugins.sh  && cd /tmp && ./plugins.sh && rm ./plugins.sh
 ##
 FROM ${BASE_IMAGE}
 
-ARG REQUIRED_DEBS="hostname uuid-runtime rsync"
-
-# Prevent prompts
-ENV DEBIAN_FRONTEND=noninteractive
+ARG REQUIRED_RPMS="hostname uuid"
 
 # Collect generic steps in a layer for caching
 
-# import keys & install required debs
-RUN apt-get update && \
-    apt-get --no-install-recommends install -yq ${REQUIRED_DEBS} && \
-    apt-get -y autoclean && \
-    apt-get -y clean && \
-    rm -rf /var/cache/apt
-
-# get any security updates for the base system
-RUN grep security /etc/apt/sources.list > /etc/apt/security.sources.list && \
-    apt update -o Dir::Etc::SourceList=/etc/apt/security.sources.list && \
-    apt -y -u -o Dir::Etc::SourceList=/etc/apt/security.sources.list full-upgrade && \
-    apt clean && \
-    rm -rf /var/cache/apt /etc/apt/security.sources.list
+# install required RPMs
+RUN microdnf -y install ${REQUIRED_RPMS} && \
+    rm -rf /var/cache/yum
 
 RUN groupadd \
         --gid 10001 \

opennms-container/minion/plugins.sh

@@ -1,23 +1,25 @@
 #!/bin/bash
 
+set -euo pipefail
+trap 's=$?; echo "$0: Error on line "$LINENO": $BASH_COMMAND"; exit $s' ERR
+IFS=$'\n\t'
 
 export VELOCLOUD_VERSION="latest"
 export DEPLOY_FOLDER="/opt/usr-plugins"
 
-mkdir $DEPLOY_FOLDER 
+mkdir -p "$DEPLOY_FOLDER"
 
-apt-get update
-apt-get install -y wget curl jq
+microdnf -y install jq
 
 cd $DEPLOY_FOLDER || exit 
 if [ $VELOCLOUD_VERSION == "latest" ]
 then
- artifact_urls=$(curl --silent https://api.github.com/repos/OpenNMS/opennms-velocloud-plugin/releases | jq -r '.[0].assets[0].browser_download_url')
+ artifact_urls=$(curl -sS https://api.github.com/repos/OpenNMS/opennms-velocloud-plugin/releases | jq -r '.[0].assets[0].browser_download_url')
 else
- artifact_urls=$(curl --silent https://api.github.com/repos/OpenNMS/opennms-velocloud-plugin/releases | jq -r '.[] | select(.tag_name=="$VELOCLOUD_VERSION") | .assets[0].browser_download_url')
+ artifact_urls=$(curl -sS https://api.github.com/repos/OpenNMS/opennms-velocloud-plugin/releases | jq -r '.[] | select(.tag_name=="$VELOCLOUD_VERSION") | .assets[0].browser_download_url')
 fi
 if [ -n "$artifact_urls" ]; then
  for url in $artifact_urls; do
-    wget "$url"
+    curl -sS -L -O "$url"
  done
 fi

opennms-container/sentinel/Dockerfile

@@ -1,7 +1,7 @@
 ##
-# Use Java base image and setup required DEBS as cacheable image.
+# Use Java base image and setup required RPMs as cacheable image.
 ##
-ARG BASE_IMAGE="opennms/deploy-base:ubuntu-3.0.1.b220-jre-17"
+ARG BASE_IMAGE="opennms/deploy-base:ubi9-3.1.0.b228-jre-17"
 
 FROM ${BASE_IMAGE} as sentinel-tarball
 
@@ -22,31 +22,15 @@ RUN chmod -R g-w /opt/usr-share/sentinel && \
 
 FROM ${BASE_IMAGE} as sentinel-base
 
-ARG REQUIRED_DEBS="hostname wget gettext openssh-client uuid-runtime rsync"
-
-ARG REPO_KEY_URL="https://debian.opennms.org/OPENNMS-GPG-KEY"
+ARG REQUIRED_RPMS="hostname uuid"
 
 SHELL ["/bin/bash", "-c"]
 
-# Prevent prompts
-ENV DEBIAN_FRONTEND=noninteractive
-
 # Collect generic steps in a layer for caching
-# import keys & install required debs
-RUN apt-get update && \
-    apt-get --no-install-recommends install -yq gnupg ca-certificates && \
-    curl -fsSL ${REPO_KEY_URL} | apt-key add && \
-    apt-get --no-install-recommends install -yq ${REQUIRED_DEBS} && \
-    apt-get -y autoclean && \
-    apt-get -y clean && \
-    rm -rf /var/cache/apt
-
-# get any security updates for the base system
-RUN grep security /etc/apt/sources.list > /etc/apt/security.sources.list && \
-    apt update -o Dir::Etc::SourceList=/etc/apt/security.sources.list && \
-    apt -y -u -o Dir::Etc::SourceList=/etc/apt/security.sources.list full-upgrade && \
-    apt clean && \
-    rm -rf /var/cache/apt /etc/apt/security.sources.list
+
+# install required RPMs
+RUN microdnf -y install ${REQUIRED_RPMS} && \
+    rm -rf /var/cache/yum
 
 ##
 # Download plugins
@@ -100,11 +84,6 @@ RUN install -d -o 10001 -g 0 -m 775 \
 
 COPY ./container-fs/* /
 
-# Allow to send ICMP messages as non-root user
-RUN setcap cap_net_raw+ep ${JAVA_HOME}/bin/java && \
-    echo ${JAVA_HOME}/lib/jli > /etc/ld.so.conf.d/java-latest.conf && \
-    ldconfig
-
 VOLUME [ "/usr/share/sentinel/deploy", "/usr/share/sentinel/etc", "/usr/share/sentinel/data" ]
 
 WORKDIR /usr/share/sentinel

opennms-container/sentinel/plugins.sh

@@ -5,26 +5,27 @@ export CLOUD_VERSION="latest"
 #export DEPLOY_FOLDER="/usr/share/opennms/deploy" 
 export DEPLOY_FOLDER="/opt/usr-plugins"
 
-apt-get update
-apt-get install -y python3-pip wget curl jq
+mkdir -p "$DEPLOY_FOLDER"
+
+microdnf -y install cpio python3-pip jq
 pip3 install --upgrade cloudsmith-cli 
 
 mkdir ~/test
 cd ~/test || exit
-urls=$(cloudsmith list packages --query="sentinel-alec-plugin version:$ALEC_VERSION format:deb" opennms/common -F json  | jq -r '.data[].cdn_url')
+urls=$(cloudsmith list packages --query="sentinel-alec-plugin version:$ALEC_VERSION format:rpm" opennms/common -F json  | jq -r '.data[].cdn_url')
 for url in $urls; do 
- wget "$url"
+ curl -sS -L -O "$url"
 done
-dpkg-deb -R *-alec-plugin_*_all.deb ./
-find . -name '*.kar' -exec mv {} $DEPLOY_FOLDER \;
+rpm2cpio *-alec-plugin*.rpm | cpio -id
+find . -name '*.kar' -exec mv '{}' "$DEPLOY_FOLDER" \;
 
 
-urls=$(cloudsmith list packages --query="sentinel-plugin-cloud version:$CLOUD_VERSION format:deb" opennms/common -F json  | jq -r '.data[].cdn_url')
+urls=$(cloudsmith list packages --query="sentinel-plugin-cloud version:$CLOUD_VERSION format:rpm" opennms/common -F json  | jq -r '.data[].cdn_url')
 for url in $urls; do
-    wget "$url"
+    curl -sS -L -O "$url"
 done
-dpkg-deb -R *-plugin-cloud_*_all.deb ./
-find . -name '*.kar' -exec mv {} $DEPLOY_FOLDER \;
+rpm2cpio *-plugin-cloud*.rpm | cpio -id
+find . -name '*.kar' -exec mv '{}' "$DEPLOY_FOLDER" \;
 
 cd ..
 rm -r test