[percona] update product versions #13081

Merged
merged 2 commits into from
Jul 19, 2023

vorsel
Contributor

@vorsel vorsel commented Sep 1, 2022

  1. update all psmdb versions
  2. update ps57 version
  3. change base OS for ps-57 from centos8 to ol8
  4. remove outdated versions of psmdb-36, psmdb-40
  5. add new maintainer and remove old one

@tianon
Member

tianon commented Sep 1, 2022

Relevant to the CI failure, I would love to check back in on #12399 (comment) -- any update on removing or updating those older versions? 😬

@yosifkit
Member

> Relevant to the CI failure, I would love to check back in on #12399 (comment) -- any update on removing or updating those older versions? 😬

Friendly ping. Any update?

1. update all psmdb versions
2. update ps57 version
3. change base OS for ps-57 from centos8 to ol8
4. remove outdated versions of psmdb-36, psmdb-40
5. add new maintainer
@vorsel vorsel changed the title [percona] update psmdb-5.0 version, add new maintainer [percona] update product versions Nov 18, 2022

@vorsel
Contributor Author

vorsel commented Nov 18, 2022

> > Relevant to the CI failure, I would love to check back in on #12399 (comment) -- any update on removing or updating those older versions? 😬
>
> Friendly ping. Any update?

Sorry for the late reply.
All the issues were addressed.

@yosifkit
Member

We recommend against using blanket package upgrades (apt-get upgrade/apk upgrade/yum upgrade/yum update) for official-images. When package upgrades are applied in a dependent image, it duplicates content of the base image, making the image larger than necessary. It also only delays the inevitable "there are outdated packages". The Official Images build pipeline makes heavy use of docker build cache, so we make periodic base image updates to then fully rebuild all dependent images (e.g. the Debian image updates).

We strive to publish updated images at least monthly for Debian. We also rebuild earlier if there is a critical security need, e.g. docker-library/official-images#2171. Many Official Images are maintained by the community or their respective upstream projects, like Ubuntu, Alpine, and Oracle Linux, and are subject to their own maintenance schedule. These refreshed base images also mean that any other image in the Official Images program that is FROM them will also be rebuilt (as described in the project README.md file).

- https://github.com/docker-library/faq/tree/0ad5fd60288109c875a54a37f6581b2deaa836db#why-does-my-security-scanner-show-that-an-image-has-cves

@yosifkit
Member

Friendly ping. Any update regarding the dnf -y update?

@tianon
Member

tianon commented Jun 20, 2023

Friendly ping 🙇

@github-actions

Diff for 2759c26:
diff --git a/_bashbrew-cat b/_bashbrew-cat
index a58a4da..fba5ae5 100644
--- a/_bashbrew-cat
+++ b/_bashbrew-cat
@@ -1,4 +1,4 @@
-Maintainers: Evgeniy Patlan <evgeniy.patlan@percona.com> (@EvgeniyPatlan), Viacheslav Sarzhan <slava.sarzhan@percona.com> (@hors), Oleksandr Miroshnychenko <alex.miroshnychenko@percona.com> (@vorsel), Serhii Stasiuk <serhii.stasiuk@percona.com> (@AgileStas), Vadim Yalovets <vadim.yalovets@percona.com> (@adivinho)
+Maintainers: Evgeniy Patlan <evgeniy.patlan@percona.com> (@EvgeniyPatlan), Viacheslav Sarzhan <slava.sarzhan@percona.com> (@hors), Oleksandr Miroshnychenko <alex.miroshnychenko@percona.com> (@vorsel), Vadim Yalovets <vadim.yalovets@percona.com> (@adivinho), Surabhi Bhat <surabhi.bhat@percona.com> (@surbhat1595)
 GitRepo: https://github.com/percona/percona-docker.git
 GitFetch: refs/heads/main
 
@@ -7,8 +7,8 @@ GitCommit: 4510d49bcce5cfce58a42c198d55399b144add83
 Directory: percona-server-5.6
 File: Dockerfile-dockerhub
 
-Tags: 5.7.35-centos, 5.7-centos, 5-centos, centos, 5.7.35, 5.7, 5, ps-5.7.35, ps-5.7, ps-5, latest
-GitCommit: f1697b98ebb86a8d684c4192fa382b00ae1860ff
+Tags: 5.7.39-centos, 5.7-centos, 5-centos, centos, 5.7.39, 5.7, 5, ps-5.7.39, ps-5.7, ps-5
+GitCommit: 80ab68b2d84c7c17c8cbc07edb35e35399fd0a54
 Directory: percona-server-5.7
 File: Dockerfile-dockerhub
 
@@ -16,22 +16,18 @@ Tags: 8.0.33-25-centos, 8.0-centos, 8-centos, 8.0.33-25, 8.0, 8, ps-8.0.33-25, p
 GitCommit: 3f666ccdf6a9eed0e0505723fbe8b4954a105c99
 Directory: percona-server-8.0
 
-Tags: psmdb-3.6.23, psmdb-3.6
-GitCommit: b32c7e632fe0d8b058ce32c0430a1783cfd557a0
-Directory: percona-server-mongodb-3.6
-
-Tags: psmdb-4.0.27, psmdb-4.0
-GitCommit: ef97f5cd2c747905dc6d724c245cce9f3e2ce0a1
-Directory: percona-server-mongodb-4.0
-
-Tags: psmdb-4.2.21, psmdb-4.2
-GitCommit: ee35507eeade832e18041d39ac67637202733e49
+Tags: psmdb-4.2.24, psmdb-4.2
+GitCommit: 80ab68b2d84c7c17c8cbc07edb35e35399fd0a54
 Directory: percona-server-mongodb-4.2
 
-Tags: psmdb-4.4.15, psmdb-4.4
-GitCommit: 93dc9be5c30c1da42e8f2dad03da5e17e6bc89a9
+Tags: psmdb-4.4.22, psmdb-4.4
+GitCommit: 80ab68b2d84c7c17c8cbc07edb35e35399fd0a54
 Directory: percona-server-mongodb-4.4
 
-Tags: psmdb-5.0.10, psmdb-5.0
-GitCommit: 0003693083fc3b6a904fd83a63096705aff46cca
+Tags: psmdb-5.0.18, psmdb-5.0
+GitCommit: 80ab68b2d84c7c17c8cbc07edb35e35399fd0a54
 Directory: percona-server-mongodb-5.0
+
+Tags: psmdb-6.0.6, psmdb-6.0
+GitCommit: 80ab68b2d84c7c17c8cbc07edb35e35399fd0a54
+Directory: percona-server-mongodb-6.0
diff --git a/_bashbrew-list b/_bashbrew-list
index 861747b..3eb55c1 100644
--- a/_bashbrew-list
+++ b/_bashbrew-list
@@ -6,8 +6,8 @@ percona:5.6.51-2
 percona:5.6.51-2-centos
 percona:5.7
 percona:5.7-centos
-percona:5.7.35
-percona:5.7.35-centos
+percona:5.7.39
+percona:5.7.39-centos
 percona:8
 percona:8-centos
 percona:8.0
@@ -15,22 +15,19 @@ percona:8.0-centos
 percona:8.0.33-25
 percona:8.0.33-25-centos
 percona:centos
-percona:latest
-percona:psmdb-3.6
-percona:psmdb-3.6.23
-percona:psmdb-4.0
-percona:psmdb-4.0.27
 percona:psmdb-4.2
-percona:psmdb-4.2.21
+percona:psmdb-4.2.24
 percona:psmdb-4.4
-percona:psmdb-4.4.15
+percona:psmdb-4.4.22
 percona:psmdb-5.0
-percona:psmdb-5.0.10
+percona:psmdb-5.0.18
+percona:psmdb-6.0
+percona:psmdb-6.0.6
 percona:ps-5
 percona:ps-5.6
 percona:ps-5.6.51-2
 percona:ps-5.7
-percona:ps-5.7.35
+percona:ps-5.7.39
 percona:ps-8
 percona:ps-8.0
 percona:ps-8.0.33-25
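Review bot: `percona:latest` is deleted from this list and no added line brings it back, so after this merge no entry publishes `latest` and the tag stays at the last image that was built for it. If that is intended, state it in the PR description; if not, add `latest` back to one of the `Tags:` lines in the library file.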
diff --git a/_bashbrew-list-build-order b/_bashbrew-list-build-order
index a74b83a..36c59f1 100644
--- a/_bashbrew-list-build-order
+++ b/_bashbrew-list-build-order
@@ -1,8 +1,7 @@
 percona:ps-5.6
-percona:latest
+percona:ps-5
 percona:ps-8
-percona:psmdb-3.6
-percona:psmdb-4.0
 percona:psmdb-4.2
 percona:psmdb-4.4
 percona:psmdb-5.0
+percona:psmdb-6.0
diff --git a/percona_latest/Dockerfile-dockerhub b/percona_ps-5/Dockerfile-dockerhub
similarity index 78%
rename from percona_latest/Dockerfile-dockerhub
rename to percona_ps-5/Dockerfile-dockerhub
index ed42340..b2112ac 100644
--- a/percona_latest/Dockerfile-dockerhub
+++ b/percona_ps-5/Dockerfile-dockerhub
@@ -1,12 +1,16 @@
 # This Dockerfile should be used for docker official repo
-#it is intentionally used another UID, to have backward compatibility with the previous image versions published on Docker Hub
 
-FROM centos:8
+# https://github.com/docker-library/official-images:
+# No official images can be derived from, or depend on, non-official images
+# with the following notable exceptions...
+FROM oraclelinux:8
 
 LABEL org.opencontainers.image.authors="info@percona.com"
 
+# It is intentionally used another UID, to have backward compatibility with
+# the previous image versions published on Docker Hub
 RUN set -ex; \
-    groupdel input; \
+    groupdel ssh_keys; \
     userdel systemd-coredump; \
     groupadd -g 999 mysql; \
     useradd -u 999 -r -g 999 -s /sbin/nologin \
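Review bot: `groupdel ssh_keys` and `userdel systemd-coredump` run with no explanation of why those two accounts have to go. If they are removed to free ID 999 for the `mysql` user and group on `oraclelinux:8` (the old line removed `input` on `centos:8`), say so in the comment above the `RUN`, so the next base-image change is easy to re-check. The new comment above `FROM` also trails off at "notable exceptions..." and does not say which exception applies here; finish the quote or drop it.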
@@ -21,39 +25,32 @@ RUN set -ex; \
     rpmkeys --import ${GNUPGHOME}/RPM-GPG-KEY-Percona ${GNUPGHOME}/RPM-GPG-KEY-centosofficial; \
     curl -Lf -o /tmp/percona-release.rpm https://repo.percona.com/yum/percona-release-latest.noarch.rpm; \
     rpmkeys --checksig /tmp/percona-release.rpm; \
-    dnf install -y /tmp/percona-release.rpm; \
+    rpm -i /tmp/percona-release.rpm; \
     rm -rf "$GNUPGHOME" /tmp/percona-release.rpm; \
     rpm --import /etc/pki/rpm-gpg/PERCONA-PACKAGING-KEY; \
     dnf -y module disable mysql
 
-ENV PS_VERSION 5.7.35-38.1
+ENV PS_VERSION 5.7.39-42.1
 ENV OS_VER el8
 ENV FULL_PERCONA_VERSION "$PS_VERSION.$OS_VER"
 
 RUN set -ex; \
-    dnf install -y \
-        dnf-utils \
+    rpm -e --nodeps tzdata; \
+    dnf config-manager --enable ol8_u4_security_validation; \
+    dnf -y install \
+        tzdata \
         jemalloc \
+        which \
         cracklib-dicts \
-        which; \
+        policycoreutils; \
     \
-    repoquery -a --location \
-        policycoreutils \
-            | xargs curl -Lf -o /tmp/policycoreutils.rpm; \
-    repoquery -a --location \
-        selinux-policy \
-            | xargs curl -Lf -o /tmp/selinux-policy.rpm; \
-    rpm -iv /tmp/policycoreutils.rpm /tmp/selinux-policy.rpm --nodeps; \
-    rm -rf /tmp/policycoreutils.rpm /tmp/selinux-policy.rpm; \
-    \
-    dnf install -y \
+    dnf -y install \
         Percona-Server-server-57-${FULL_PERCONA_VERSION} \
         Percona-Server-devel-57-${FULL_PERCONA_VERSION} \
         Percona-Server-tokudb-57-${FULL_PERCONA_VERSION} \
         Percona-Server-rocksdb-57-${FULL_PERCONA_VERSION}; \
-    dnf remove -y dnf-utils; \
     dnf clean all; \
-    rm -rf /var/cache/dnf /var/lib/mysql
+    rm -rf /var/cache/dnf /var/cache/yum /var/lib/mysql
 
 # purge and re-create /var/lib/mysql with appropriate ownership
 RUN set -ex; \
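Review bot: `dnf config-manager --enable ol8_u4_security_validation` turns on an extra package source for every install that follows, and `rpm -e --nodeps tzdata` removes a package that the very next `dnf -y install` puts back; neither step has a comment. Please document what each one is for and which of the listed packages needs the extra repository. The first context line of this hunk still imports `RPM-GPG-KEY-centosofficial` although the base is now `oraclelinux:8`; drop that key if nothing installed here is signed with it.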
diff --git a/percona_latest/ps-entry.sh b/percona_ps-5/ps-entry.sh
similarity index 100%
rename from percona_latest/ps-entry.sh
rename to percona_ps-5/ps-entry.sh
diff --git a/percona_psmdb-3.6/Dockerfile b/percona_psmdb-3.6/Dockerfile
deleted file mode 100644
index d8bf012..0000000
diff --git a/percona_psmdb-3.6/ps-entry.sh b/percona_psmdb-3.6/ps-entry.sh
deleted file mode 100755
index e9efe53..0000000
diff --git a/percona_psmdb-4.0/LICENSE b/percona_psmdb-4.0/LICENSE
deleted file mode 100644
index b5a2afb..0000000
diff --git a/percona_psmdb-4.2/Dockerfile b/percona_psmdb-4.2/Dockerfile
index c8c5300..b16bb25 100644
--- a/percona_psmdb-4.2/Dockerfile
+++ b/percona_psmdb-4.2/Dockerfile
@@ -2,10 +2,11 @@ FROM oraclelinux:8
 
 LABEL org.opencontainers.image.authors="info@percona.com"
 
-ENV PSMDB_VERSION 4.2.21-21
+ENV PSMDB_VERSION 4.2.24-24
 ENV OS_VER el8
 ENV FULL_PERCONA_VERSION "$PSMDB_VERSION.$OS_VER"
 ENV K8S_TOOLS_VERSION "0.5.0"
+ENV PSMDB_REPO release
 
 # check repository package signature in secure way
 RUN set -ex; \
@@ -19,20 +20,23 @@ RUN set -ex; \
     rpmkeys --checksig /tmp/percona-release.rpm; \
     rpm -i /tmp/percona-release.rpm; \
     rm -rf "$GNUPGHOME" /tmp/percona-release.rpm; \
-    rpm --import /etc/pki/rpm-gpg/PERCONA-PACKAGING-KEY; \
-    percona-release enable psmdb-42 release
+    rpm --import /etc/pki/rpm-gpg/PERCONA-PACKAGING-KEY 
 
 RUN set -ex; \
+    percona-release enable psmdb-42 ${PSMDB_REPO}; \
+    dnf config-manager --enable ol8_u4_security_validation; \
     dnf -y install \
         percona-server-mongodb-mongos-${FULL_PERCONA_VERSION} \
         percona-server-mongodb-shell-${FULL_PERCONA_VERSION} \
+        percona-server-mongodb-tools-${FULL_PERCONA_VERSION} \
         jq \
         procps-ng \
         oniguruma \
         tar \
+        cyrus-sasl-gssapi \
         policycoreutils; \
         \
-    curl -Lf -o /tmp/Percona-Server-MongoDB-server.rpm http://repo.percona.com/psmdb-42/yum/release/8/RPMS/x86_64/percona-server-mongodb-server-${FULL_PERCONA_VERSION}.x86_64.rpm; \
+    curl -Lf -o /tmp/Percona-Server-MongoDB-server.rpm http://repo.percona.com/psmdb-42/yum/${PSMDB_REPO}/8/RPMS/x86_64/percona-server-mongodb-server-${FULL_PERCONA_VERSION}.x86_64.rpm; \
     rpmkeys --checksig /tmp/Percona-Server-MongoDB-server.rpm; \
     rpm -iv /tmp/Percona-Server-MongoDB-server.rpm --nodeps; \
     rm -rf /tmp/Percona-Server-MongoDB-server.rpm; \
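Review bot: the rewritten `curl` line still downloads the server RPM over `http://repo.percona.com/...`, which leaves `rpmkeys --checksig` as the only integrity check before `rpm -iv ... --nodeps` installs it. Since the line is being changed anyway, switch the URL to `https://`, as the `percona-release-latest.noarch.rpm` download in the other Dockerfiles of this diff already does; the same line appears in the 4.4, 5.0 and 6.0 Dockerfiles. The new `rpm --import /etc/pki/rpm-gpg/PERCONA-PACKAGING-KEY` line also ends in a trailing space.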
@@ -41,8 +45,10 @@ RUN set -ex; \
     chown -R 1001:0 /data/db
 
 # the numeric UID is needed for OpenShift
-RUN useradd -u 1001 -r -g 0 -s /sbin/nologin \
-            -c "Default Application User" mongodb
+RUN useradd -u 1001 -r -g 0 -m -s /sbin/nologin \
+            -c "Default Application User" mongodb; \
+    chmod g+rwx /var/log/mongo; \
+    chown :0 /var/log/mongo
 
 COPY LICENSE /licenses/LICENSE.Dockerfile
 RUN cp /usr/share/doc/percona-server-mongodb-server/LICENSE-Community.txt /licenses/LICENSE.Percona-Server-for-MongoDB
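Review bot: this `RUN` chains `useradd`, `chmod` and `chown` with `;` but, unlike the other `RUN` steps in this file, does not start with `set -ex`, so only the exit status of the final `chown` decides whether the build step fails. A failed `useradd` or `chmod` goes unnoticed as long as the `chown` succeeds. Start the step with `RUN set -ex; \` or join the commands with `&&`. The same block is added in the 4.4, 5.0 and 6.0 Dockerfiles.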
@@ -64,10 +70,11 @@ RUN set -ex; \
     curl -fSL https://github.com/percona/mongodb-orchestration-tools/releases/download/${K8S_TOOLS_VERSION}/k8s-mongodb-initiator -o /usr/local/bin/k8s-mongodb-initiator; \
     curl -fSL  https://github.com/percona/mongodb-orchestration-tools/releases/download/${K8S_TOOLS_VERSION}/mongodb-healthcheck -o /usr/local/bin/mongodb-healthcheck; \
     curl -fSL  https://github.com/percona/mongodb-orchestration-tools/releases/download/${K8S_TOOLS_VERSION}/SHA256SUMS -o /tmp/SHA256SUMS; \
+    curl -fSL https://cdnjs.cloudflare.com/ajax/libs/js-yaml/4.1.0/js-yaml.min.js -o /js-yaml.js; \
     echo "$(grep 'k8s-mongodb-initiator' /tmp/SHA256SUMS | awk '{print $1}')" /usr/local/bin/k8s-mongodb-initiator | sha256sum -c -; \
     echo "$(grep 'mongodb-healthcheck' /tmp/SHA256SUMS   | awk '{print $1}')" /usr/local/bin/mongodb-healthcheck   | sha256sum -c -; \
+    echo "45dc3dd03dc07a06705a2c2989b8c7f709013f04bd5386e3279d4e447f07ebd7  /js-yaml.js" | sha256sum -c -; \
     rm -f /tmp/SHA256SUMS; \
-    \
     chmod 0755 /usr/local/bin/k8s-mongodb-initiator /usr/local/bin/mongodb-healthcheck
 
 VOLUME ["/data/db"]
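Review bot: `js-yaml.min.js` is checked against a digest committed in the Dockerfile, while the two binaries beside it are checked against a `SHA256SUMS` file fetched from the same release URL as the binaries themselves, so that check catches a corrupted download but not a replaced release asset. Consider pinning their digests in the Dockerfile the same way. The js-yaml version `4.1.0` is also hard-coded in the URL; an `ENV` next to `K8S_TOOLS_VERSION` would keep the version and its digest together.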
diff --git a/percona_psmdb-4.4/Dockerfile b/percona_psmdb-4.4/Dockerfile
index f4cde34..fc72b94 100644
--- a/percona_psmdb-4.4/Dockerfile
+++ b/percona_psmdb-4.4/Dockerfile
@@ -14,25 +14,29 @@ RUN set -ex; \
     rpmkeys --checksig /tmp/percona-release.rpm; \
     rpm -i /tmp/percona-release.rpm; \
     rm -rf "$GNUPGHOME" /tmp/percona-release.rpm; \
-    rpm --import /etc/pki/rpm-gpg/PERCONA-PACKAGING-KEY; \
-    percona-release enable psmdb-44 release
+    rpm --import /etc/pki/rpm-gpg/PERCONA-PACKAGING-KEY
 
-ENV PSMDB_VERSION 4.4.15-15
+ENV PSMDB_VERSION 4.4.22-21
 ENV OS_VER el8
 ENV FULL_PERCONA_VERSION "$PSMDB_VERSION.$OS_VER"
 ENV K8S_TOOLS_VERSION "0.5.0"
+ENV PSMDB_REPO release
 
 RUN set -ex; \
+    percona-release enable psmdb-44 ${PSMDB_REPO}; \
+    dnf config-manager --enable ol8_u4_security_validation; \
     dnf -y install \
         percona-server-mongodb-mongos-${FULL_PERCONA_VERSION} \
         percona-server-mongodb-shell-${FULL_PERCONA_VERSION} \
+        percona-server-mongodb-tools-${FULL_PERCONA_VERSION} \
         procps-ng \
         jq \
         tar \
         oniguruma \
+        cyrus-sasl-gssapi \
         policycoreutils; \
         \
-    curl -Lf -o /tmp/Percona-Server-MongoDB-server.rpm http://repo.percona.com/psmdb-44/yum/release/8/RPMS/x86_64/percona-server-mongodb-server-${FULL_PERCONA_VERSION}.x86_64.rpm; \
+    curl -Lf -o /tmp/Percona-Server-MongoDB-server.rpm http://repo.percona.com/psmdb-44/yum/${PSMDB_REPO}/8/RPMS/x86_64/percona-server-mongodb-server-${FULL_PERCONA_VERSION}.x86_64.rpm; \
     rpmkeys --checksig /tmp/Percona-Server-MongoDB-server.rpm; \
     rpm -iv /tmp/Percona-Server-MongoDB-server.rpm --nodeps; \
     rm -rf /tmp/Percona-Server-MongoDB-server.rpm; \
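Review bot: `PSMDB_REPO` is declared with `ENV`, so it ends up in the environment of every container started from the image, although its visible uses are all at build time (`percona-release enable psmdb-44 ${PSMDB_REPO}` and the download URL). If it is only a build-time switch, declare it as `ARG PSMDB_REPO=release` or set it as a shell variable inside the `RUN`. Both expansions are unquoted; quoting them costs nothing and keeps the `curl` URL intact if the value ever contains unexpected characters.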
@@ -41,8 +45,10 @@ RUN set -ex; \
     chown -R 1001:0 /data/db
 
 # the numeric UID is needed for OpenShift
-RUN useradd -u 1001 -r -g 0 -s /sbin/nologin \
-            -c "Default Application User" mongodb
+RUN useradd -u 1001 -r -g 0 -m -s /sbin/nologin \
+            -c "Default Application User" mongodb; \
+    chmod g+rwx /var/log/mongo; \
+    chown :0 /var/log/mongo
 
 COPY LICENSE /licenses/LICENSE.Dockerfile
 RUN cp /usr/share/doc/percona-server-mongodb-server/LICENSE-Community.txt /licenses/LICENSE.Percona-Server-for-MongoDB
diff --git a/percona_psmdb-5.0/Dockerfile b/percona_psmdb-5.0/Dockerfile
index 6c2ea9c..6163002 100644
--- a/percona_psmdb-5.0/Dockerfile
+++ b/percona_psmdb-5.0/Dockerfile
@@ -14,25 +14,29 @@ RUN set -ex; \
     rpmkeys --checksig /tmp/percona-release.rpm; \
     rpm -i /tmp/percona-release.rpm; \
     rm -rf "$GNUPGHOME" /tmp/percona-release.rpm; \
-    rpm --import /etc/pki/rpm-gpg/PERCONA-PACKAGING-KEY; \
-    percona-release enable psmdb-50 release
+    rpm --import /etc/pki/rpm-gpg/PERCONA-PACKAGING-KEY
 
-ENV PSMDB_VERSION 5.0.10-9
+ENV PSMDB_VERSION 5.0.18-15
 ENV OS_VER el8
 ENV FULL_PERCONA_VERSION "$PSMDB_VERSION.$OS_VER"
 ENV K8S_TOOLS_VERSION "0.5.0"
+ENV PSMDB_REPO release
 
 RUN set -ex; \
+    percona-release enable psmdb-50 ${PSMDB_REPO}; \
+    dnf config-manager --enable ol8_u4_security_validation; \
     dnf -y install \
         percona-server-mongodb-mongos-${FULL_PERCONA_VERSION} \
         percona-server-mongodb-shell-${FULL_PERCONA_VERSION} \
+        percona-server-mongodb-tools-${FULL_PERCONA_VERSION} \
         procps-ng \
         jq \
         tar \
         oniguruma \
+        cyrus-sasl-gssapi \
         policycoreutils; \
         \
-    curl -Lf -o /tmp/Percona-Server-MongoDB-server.rpm http://repo.percona.com/psmdb-50/yum/release/8/RPMS/x86_64/percona-server-mongodb-server-${FULL_PERCONA_VERSION}.x86_64.rpm; \
+    curl -Lf -o /tmp/Percona-Server-MongoDB-server.rpm http://repo.percona.com/psmdb-50/yum/${PSMDB_REPO}/8/RPMS/x86_64/percona-server-mongodb-server-${FULL_PERCONA_VERSION}.x86_64.rpm; \
     rpmkeys --checksig /tmp/Percona-Server-MongoDB-server.rpm; \
     rpm -iv /tmp/Percona-Server-MongoDB-server.rpm --nodeps; \
     rm -rf /tmp/Percona-Server-MongoDB-server.rpm; \
@@ -41,8 +45,10 @@ RUN set -ex; \
     chown -R 1001:0 /data/db
 
 # the numeric UID is needed for OpenShift
-RUN useradd -u 1001 -r -g 0 -s /sbin/nologin \
-            -c "Default Application User" mongodb
+RUN useradd -u 1001 -r -g 0 -m -s /sbin/nologin \
+            -c "Default Application User" mongodb; \
+    chmod g+rwx /var/log/mongo; \
+    chown :0 /var/log/mongo
 
 COPY LICENSE /licenses/LICENSE.Dockerfile
 RUN cp /usr/share/doc/percona-server-mongodb-server/LICENSE-Community.txt /licenses/LICENSE.Percona-Server-for-MongoDB
diff --git a/percona_psmdb-4.0/Dockerfile b/percona_psmdb-6.0/Dockerfile
similarity index 65%
rename from percona_psmdb-4.0/Dockerfile
rename to percona_psmdb-6.0/Dockerfile
index 841bcfe..c207655 100644
--- a/percona_psmdb-4.0/Dockerfile
+++ b/percona_psmdb-6.0/Dockerfile
@@ -1,54 +1,54 @@
-FROM centos:8
+FROM oraclelinux:8
 
 LABEL org.opencontainers.image.authors="info@percona.com"
 
 # check repository package signature in secure way
 RUN set -ex; \
     export GNUPGHOME="$(mktemp -d)"; \
-    gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 430BDF5C56E7C94E848EE60C1C4CBDCDCD2EFD2A 99DB70FAE1D7CE227FB6488205B555B38483C65D; \
+    gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 430BDF5C56E7C94E848EE60C1C4CBDCDCD2EFD2A 99DB70FAE1D7CE227FB6488205B555B38483C65D 94E279EB8D8F25B21810ADF121EA45AB2F86D6A1; \
     gpg --batch --export --armor 430BDF5C56E7C94E848EE60C1C4CBDCDCD2EFD2A > ${GNUPGHOME}/RPM-GPG-KEY-Percona; \
     gpg --batch --export --armor 99DB70FAE1D7CE227FB6488205B555B38483C65D > ${GNUPGHOME}/RPM-GPG-KEY-centosofficial; \
-    rpmkeys --import ${GNUPGHOME}/RPM-GPG-KEY-Percona ${GNUPGHOME}/RPM-GPG-KEY-centosofficial; \
+    gpg --batch --export --armor 94E279EB8D8F25B21810ADF121EA45AB2F86D6A1 > ${GNUPGHOME}/RPM-GPG-KEY-EPEL-8; \
+    rpmkeys --import ${GNUPGHOME}/RPM-GPG-KEY-Percona ${GNUPGHOME}/RPM-GPG-KEY-centosofficial ${GNUPGHOME}/RPM-GPG-KEY-EPEL-8; \
     curl -Lf -o /tmp/percona-release.rpm https://repo.percona.com/yum/percona-release-latest.noarch.rpm; \
     rpmkeys --checksig /tmp/percona-release.rpm; \
-    dnf install -y /tmp/percona-release.rpm; \
+    rpm -i /tmp/percona-release.rpm; \
     rm -rf "$GNUPGHOME" /tmp/percona-release.rpm; \
-    rpm --import /etc/pki/rpm-gpg/PERCONA-PACKAGING-KEY; \
-    percona-release enable psmdb-40 release
+    rpm --import /etc/pki/rpm-gpg/PERCONA-PACKAGING-KEY
 
-ENV PSMDB_VERSION 4.0.27-22
+ENV PSMDB_VERSION 6.0.6-5
 ENV OS_VER el8
 ENV FULL_PERCONA_VERSION "$PSMDB_VERSION.$OS_VER"
 ENV K8S_TOOLS_VERSION "0.5.0"
+ENV PSMDB_REPO release
 
 RUN set -ex; \
-    dnf install -y \
+    percona-release enable psmdb-60 ${PSMDB_REPO}; \
+    dnf config-manager --enable ol8_u4_security_validation; \
+    dnf -y install \
         percona-server-mongodb-mongos-${FULL_PERCONA_VERSION} \
-        percona-server-mongodb-shell-${FULL_PERCONA_VERSION} \
-        shadow-utils \
-        curl \
+        percona-server-mongodb-tools-${FULL_PERCONA_VERSION} \
+        percona-mongodb-mongosh \
         procps-ng \
-        oniguruma \
         jq \
-        dnf-utils; \
-    \
-    repoquery -a --location \
-        policycoreutils \
-            | xargs curl -Lf -o /tmp/policycoreutils.rpm; \
-    repoquery -a --location \
-        percona-server-mongodb-server-${FULL_PERCONA_VERSION} \
-            | xargs curl -Lf -o /tmp/percona-server-mongodb-server-${FULL_PERCONA_VERSION}.rpm; \
-    rpm -iv /tmp/policycoreutils.rpm /tmp/percona-server-mongodb-server-${FULL_PERCONA_VERSION}.rpm --nodeps; \
+        tar \
+        oniguruma \
+        cyrus-sasl-gssapi \
+        policycoreutils; \
         \
-    rm -rf /tmp/policycoreutils.rpm /tmp/percona-server-mongodb-server-${FULL_PERCONA_VERSION}.rpm; \
+    curl -Lf -o /tmp/Percona-Server-MongoDB-server.rpm http://repo.percona.com/psmdb-60/yum/${PSMDB_REPO}/8/RPMS/x86_64/percona-server-mongodb-server-${FULL_PERCONA_VERSION}.x86_64.rpm; \
+    rpmkeys --checksig /tmp/Percona-Server-MongoDB-server.rpm; \
+    rpm -iv /tmp/Percona-Server-MongoDB-server.rpm --nodeps; \
+    rm -rf /tmp/Percona-Server-MongoDB-server.rpm; \
     dnf clean all; \
-    dnf -y remove dnf-utils; \
-    rm -rf /var/cache/dnf /data/db && mkdir -p /data/db; \
+    rm -rf /var/cache/dnf /var/cache/yum /data/db && mkdir -p /data/db; \
     chown -R 1001:0 /data/db
 
 # the numeric UID is needed for OpenShift
-RUN useradd -u 1001 -r -g 0 -s /sbin/nologin \
-            -c "Default Application User" mongodb
+RUN useradd -u 1001 -r -g 0 -m -s /sbin/nologin \
+            -c "Default Application User" mongodb; \
+    chmod g+rwx /var/log/mongo; \
+    chown :0 /var/log/mongo
 
 COPY LICENSE /licenses/LICENSE.Dockerfile
 RUN cp /usr/share/doc/percona-server-mongodb-server/LICENSE-Community.txt /licenses/LICENSE.Percona-Server-for-MongoDB
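Review bot: the key list now fetches and imports an EPEL 8 key (`94E279EB8D8F25B21810ADF121EA45AB2F86D6A1`) into the RPM keyring, but nothing in this hunk enables an EPEL repository or installs a package from one. Every imported key is one more signer that `rpmkeys --checksig` accepts for the files checked below, so import it only if something here needs it, and say what. The same question applies to `RPM-GPG-KEY-centosofficial` now that the base is `oraclelinux:8`. `percona-mongodb-mongosh` is also the only Percona package in the install list without a `${FULL_PERCONA_VERSION}` style pin.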
@@ -78,6 +78,10 @@ RUN set -ex; \
 
 VOLUME ["/data/db"]
 
+RUN set -ex; \
+    curl -fSL https://cdnjs.cloudflare.com/ajax/libs/js-yaml/4.1.0/js-yaml.min.js -o /js-yaml.js; \
+    echo "45dc3dd03dc07a06705a2c2989b8c7f709013f04bd5386e3279d4e447f07ebd7  /js-yaml.js" | sha256sum -c -
+
 COPY ps-entry.sh /entrypoint.sh
 
 ENTRYPOINT ["/entrypoint.sh"]
diff --git a/percona_psmdb-3.6/LICENSE b/percona_psmdb-6.0/LICENSE
similarity index 100%
rename from percona_psmdb-3.6/LICENSE
rename to percona_psmdb-6.0/LICENSE
diff --git a/percona_psmdb-4.0/ps-entry.sh b/percona_psmdb-6.0/ps-entry.sh
similarity index 97%
rename from percona_psmdb-4.0/ps-entry.sh
rename to percona_psmdb-6.0/ps-entry.sh
index a3ec16d..3df658a 100755
--- a/percona_psmdb-4.0/ps-entry.sh
+++ b/percona_psmdb-6.0/ps-entry.sh
@@ -194,7 +194,7 @@ _parse_config() {
 	if configPath="$(_mongod_hack_get_arg_val --config "$@")"; then
 		# if --config is specified, parse it into a JSON file so we can remove a few problematic keys (especially SSL-related keys)
 		# see https://docs.mongodb.com/manual/reference/configuration-options/
-		mongo --norc --nodb --quiet --eval "load('/js-yaml.js'); printjson(jsyaml.load(cat($(_js_escape "$configPath"))))" > "$jsonConfigFile"
+		mongosh --norc --nodb --quiet --eval "load('/js-yaml.js'); printjson(jsyaml.load(cat($(_js_escape "$configPath"))))" > "$jsonConfigFile"
 		jq 'del(.systemLog, .processManagement, .net, .security)' "$jsonConfigFile" > "$tempConfigFile"
 		return 0
 	fi
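Review bot: the `--eval` script on the changed line still calls `cat()` and `printjson()`, both helpers of the legacy `mongo` shell, and now runs them under `mongosh`. The output is redirected to `$jsonConfigFile` and parsed by `jq` on the next line, so it has to be strict JSON; please confirm under `mongosh` that `cat()` is available and that `printjson()` does not produce output `jq` rejects. If either differs, read the file and serialise explicitly with `JSON.stringify`.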
@@ -314,7 +314,7 @@ if [ "$originalArgOne" = 'mongod' ]; then
 
 		"${mongodHackedArgs[@]}" --fork
 
-		mongo=( mongo --host 127.0.0.1 --port 27017 --quiet )
+		mongo=( mongosh --host 127.0.0.1 --port 27017 --quiet )
 
 		# check to see that our "mongod" actually did start up (catches "--help", "--version", MongoDB 3.2 being silly, slow prealloc, etc)
 		# https://jira.mongodb.org/browse/SERVER-16292
@@ -399,7 +399,7 @@ if [ "$originalArgOne" = 'mongod' ]; then
 	fi
 
 	MONGODB_VERSION=$(mongod --version  | head -1 | awk '{print $3}' | awk -F'.' '{print $1"."$2}')
-	if [ "$MONGODB_VERSION" == 'v4.2' ]; then
+	if [ "$MONGODB_VERSION" == 'v4.2' ] || [ "$MONGODB_VERSION" == 'v4.4' ] || [ "$MONGODB_VERSION" == 'v5.0' ] || [ "$MONGODB_VERSION" == 'v6.0' ]; then
 		_mongod_hack_rename_arg_save_val --sslMode --tlsMode "${mongodHackedArgs[@]}"
 
 		if _mongod_hack_have_arg '--tlsMode' "${mongodHackedArgs[@]}"; then
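Review bot: the version test is now a chain of four exact string matches, so any release other than `v4.2`, `v4.4`, `v5.0` or `v6.0` silently skips this branch and `--sslMode` is not renamed to `--tlsMode`. Compare the major and minor version numerically (4.2 or newer) instead of listing releases, so the next version bump does not need another `||` clause here.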

Relevant Maintainers:

@vorsel
Contributor Author

vorsel commented Jul 19, 2023

Hi @tianon , @yosifkit
I apologize for such a delay, we've updated the PR, please re-check it at your convenience.

@tianon tianon merged commit 77404c9 into docker-library:master Jul 19, 2023
@tianon
Member

tianon commented Jul 19, 2023

Thank you! ❤️

FYI, this appears to have removed latest, which means that tag will no longer be updated -- I'm hoping this was intentional, but if not, it should be easy to add back in another PR. 😄
