24f2d8a3c4
RPM packaging improvements: - Fix %config(noreplace) directive in spec file (logcorrelator.yml) - Fix post script: use correct path for .yml.example (/etc/logcorrelator/) - Set /var/run/logcorrelator ownership to logcorrelator:logcorrelator - Set correct permissions: /var/run (755), /var/log (750), /var/lib (750) - Add %config(noreplace) for logrotate.d/logcorrelator - Add comprehensive RPM test script (packaging/test/test-rpm.sh) Documentation updates: - Update architecture.yml with filesystem permissions section - Document socket ownership (logcorrelator:logcorrelator, 0666) - Document config file policy (%config(noreplace) behavior) - Add systemd hardening directives (NoNewPrivileges, ProtectSystem) - Update ClickHouse schema: mark non-implemented fields - Remove materialized view SQL (managed externally) - Add stdout sink module documentation Build pipeline: - Update Dockerfile.package with comments for config policy - Add /var/lib/logcorrelator directory creation - Document fpm %config(noreplace) limitations Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
250 lines
11 KiB
Docker
250 lines
11 KiB
Docker
# syntax=docker/dockerfile:1
|
|
# =============================================================================
|
|
# logcorrelator - Dockerfile de build et packaging RPM multi-distros
|
|
# =============================================================================
|
|
|
|
# =============================================================================
|
|
# Stage 1: Builder - Compilation du binaire Go
|
|
# =============================================================================
|
|
FROM golang:1.21 AS builder
|
|
|
|
WORKDIR /build
|
|
|
|
# Install dependencies
|
|
RUN apt-get update && apt-get install -y --no-install-recommends \
|
|
git \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# Copy go mod files
|
|
COPY go.mod go.sum ./
|
|
RUN go mod download
|
|
|
|
# Copy source code
|
|
COPY . .
|
|
|
|
# Build binary for Linux
|
|
ARG VERSION=$(grep -m1 "^Version:" packaging/rpm/logcorrelator.spec | awk '{print $2}')
|
|
RUN mkdir -p dist && \
|
|
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 \
|
|
go build -ldflags="-w -s -X main.Version=${VERSION}" \
|
|
-o dist/logcorrelator \
|
|
./cmd/logcorrelator
|
|
|
|
# =============================================================================
|
|
# Stage 2: RPM Package builder for Enterprise Linux 8 (el8)
|
|
# =============================================================================
|
|
FROM rockylinux:8 AS rpm-el8-builder
|
|
|
|
WORKDIR /package
|
|
|
|
# Install RPM build tools and fpm
|
|
RUN dnf install -y epel-release && \
|
|
dnf install -y ruby rubygems ruby-devel rpm-build gcc make && \
|
|
gem install fpm -v 1.16.0 --no-document && \
|
|
dnf clean all
|
|
|
|
# Copy binary from builder
|
|
COPY --from=builder /build/dist/logcorrelator /tmp/pkgroot/usr/bin/logcorrelator
|
|
# Config files: .yml is marked %config(noreplace) in RPM spec (preserved on upgrade)
|
|
# .yml.example is always updated to reflect latest configuration options
|
|
COPY --from=builder /build/config.example.yml /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml
|
|
COPY --from=builder /build/config.example.yml /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml.example
|
|
COPY --from=builder /build/logcorrelator.service /tmp/pkgroot/etc/systemd/system/logcorrelator.service
|
|
COPY packaging/rpm/post /tmp/scripts/post
|
|
COPY packaging/rpm/preun /tmp/scripts/preun
|
|
COPY packaging/rpm/postun /tmp/scripts/postun
|
|
COPY packaging/rpm/logrotate /tmp/pkgroot/etc/logrotate.d/logcorrelator
|
|
|
|
# Create directories and set permissions
|
|
# /var/run/logcorrelator: 755 - will be owned by logcorrelator:logcorrelator by post install script
|
|
# /var/log/logcorrelator: 755 - will be owned by logcorrelator:logcorrelator by post install script
|
|
# /var/lib/logcorrelator: created for service home directory
|
|
RUN mkdir -p /tmp/pkgroot/var/log/logcorrelator && \
|
|
mkdir -p /tmp/pkgroot/var/run/logcorrelator && \
|
|
mkdir -p /tmp/pkgroot/var/lib/logcorrelator && \
|
|
chmod 755 /tmp/pkgroot/usr/bin/logcorrelator && \
|
|
chmod 640 /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml && \
|
|
chmod 640 /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml.example && \
|
|
chmod 644 /tmp/pkgroot/etc/systemd/system/logcorrelator.service && \
|
|
chmod 755 /tmp/scripts/* && \
|
|
chmod 755 /tmp/pkgroot/var/log/logcorrelator && \
|
|
chmod 755 /tmp/pkgroot/var/run/logcorrelator && \
|
|
chmod 755 /tmp/pkgroot/var/lib/logcorrelator
|
|
|
|
# Build RPM for Enterprise Linux 8 (el8)
|
|
# Note: fpm does not support %config(noreplace) directly; this is handled in the spec file
|
|
# The post install script ensures existing config is preserved
|
|
ARG VERSION=$(grep -m1 "^Version:" packaging/rpm/logcorrelator.spec | awk '{print $2}')
|
|
RUN mkdir -p /packages/rpm/el8 && \
|
|
fpm -s dir -t rpm \
|
|
-n logcorrelator \
|
|
-v "${VERSION}" \
|
|
-C /tmp/pkgroot \
|
|
--architecture "x86_64" \
|
|
--rpm-os linux \
|
|
--description "Log correlation service for HTTP and network events" \
|
|
--url "https://github.com/logcorrelator/logcorrelator" \
|
|
--license "MIT" \
|
|
--vendor "logcorrelator <dev@example.com>" \
|
|
--rpm-dist el8 \
|
|
--depends "systemd" \
|
|
--after-install /tmp/scripts/post \
|
|
--before-remove /tmp/scripts/preun \
|
|
--after-remove /tmp/scripts/postun \
|
|
-p /packages/rpm/el8/logcorrelator-${VERSION}-1.el8.x86_64.rpm \
|
|
usr/bin/logcorrelator \
|
|
etc/logcorrelator/logcorrelator.yml \
|
|
etc/logcorrelator/logcorrelator.yml.example \
|
|
var/log/logcorrelator \
|
|
var/run/logcorrelator \
|
|
etc/systemd/system/logcorrelator.service \
|
|
etc/logrotate.d/logcorrelator
|
|
|
|
# =============================================================================
|
|
# Stage 3: RPM Package builder for Enterprise Linux 9 (el9)
|
|
# =============================================================================
|
|
FROM rockylinux:9 AS rpm-el9-builder
|
|
|
|
WORKDIR /package
|
|
|
|
# Install RPM build tools and fpm
|
|
RUN dnf install -y epel-release && \
|
|
dnf install -y ruby rubygems ruby-devel rpm-build gcc make && \
|
|
gem install fpm -v 1.16.0 --no-document && \
|
|
dnf clean all
|
|
|
|
# Copy binary from builder
|
|
COPY --from=builder /build/dist/logcorrelator /tmp/pkgroot/usr/bin/logcorrelator
|
|
# Config files: .yml is marked %config(noreplace) in RPM spec (preserved on upgrade)
|
|
# .yml.example is always updated to reflect latest configuration options
|
|
COPY --from=builder /build/config.example.yml /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml
|
|
COPY --from=builder /build/config.example.yml /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml.example
|
|
COPY --from=builder /build/logcorrelator.service /tmp/pkgroot/etc/systemd/system/logcorrelator.service
|
|
COPY packaging/rpm/post /tmp/scripts/post
|
|
COPY packaging/rpm/preun /tmp/scripts/preun
|
|
COPY packaging/rpm/postun /tmp/scripts/postun
|
|
COPY packaging/rpm/logrotate /tmp/pkgroot/etc/logrotate.d/logcorrelator
|
|
|
|
# Create directories and set permissions
|
|
# /var/run/logcorrelator: 755 - will be owned by logcorrelator:logcorrelator by post install script
|
|
# /var/log/logcorrelator: 755 - will be owned by logcorrelator:logcorrelator by post install script
|
|
# /var/lib/logcorrelator: created for service home directory
|
|
RUN mkdir -p /tmp/pkgroot/var/log/logcorrelator && \
|
|
mkdir -p /tmp/pkgroot/var/run/logcorrelator && \
|
|
mkdir -p /tmp/pkgroot/var/lib/logcorrelator && \
|
|
chmod 755 /tmp/pkgroot/usr/bin/logcorrelator && \
|
|
chmod 640 /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml && \
|
|
chmod 640 /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml.example && \
|
|
chmod 644 /tmp/pkgroot/etc/systemd/system/logcorrelator.service && \
|
|
chmod 755 /tmp/scripts/* && \
|
|
chmod 755 /tmp/pkgroot/var/log/logcorrelator && \
|
|
chmod 755 /tmp/pkgroot/var/run/logcorrelator && \
|
|
chmod 755 /tmp/pkgroot/var/lib/logcorrelator
|
|
|
|
# Build RPM for Enterprise Linux 9 (el9)
|
|
ARG VERSION=$(grep -m1 "^Version:" packaging/rpm/logcorrelator.spec | awk '{print $2}')
|
|
RUN mkdir -p /packages/rpm/el9 && \
|
|
fpm -s dir -t rpm \
|
|
-n logcorrelator \
|
|
-v "${VERSION}" \
|
|
-C /tmp/pkgroot \
|
|
--architecture "x86_64" \
|
|
--rpm-os linux \
|
|
--description "Log correlation service for HTTP and network events" \
|
|
--url "https://github.com/logcorrelator/logcorrelator" \
|
|
--license "MIT" \
|
|
--vendor "logcorrelator <dev@example.com>" \
|
|
--rpm-dist el9 \
|
|
--depends "systemd" \
|
|
--after-install /tmp/scripts/post \
|
|
--before-remove /tmp/scripts/preun \
|
|
--after-remove /tmp/scripts/postun \
|
|
-p /packages/rpm/el9/logcorrelator-${VERSION}-1.el9.x86_64.rpm \
|
|
usr/bin/logcorrelator \
|
|
etc/logcorrelator/logcorrelator.yml \
|
|
etc/logcorrelator/logcorrelator.yml.example \
|
|
var/log/logcorrelator \
|
|
var/run/logcorrelator \
|
|
etc/systemd/system/logcorrelator.service \
|
|
etc/logrotate.d/logcorrelator
|
|
|
|
# =============================================================================
|
|
# Stage 4: RPM Package builder for Enterprise Linux 10 (el10)
|
|
# =============================================================================
|
|
FROM almalinux:10 AS rpm-el10-builder
|
|
|
|
WORKDIR /package
|
|
|
|
# Install RPM build tools and fpm
|
|
RUN dnf install -y epel-release && \
|
|
dnf install -y ruby rubygems ruby-devel rpm-build gcc make && \
|
|
gem install fpm -v 1.16.0 --no-document && \
|
|
dnf clean all
|
|
|
|
# Copy binary from builder
|
|
COPY --from=builder /build/dist/logcorrelator /tmp/pkgroot/usr/bin/logcorrelator
|
|
# Config files: .yml is marked %config(noreplace) in RPM spec (preserved on upgrade)
|
|
# .yml.example is always updated to reflect latest configuration options
|
|
COPY --from=builder /build/config.example.yml /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml
|
|
COPY --from=builder /build/config.example.yml /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml.example
|
|
COPY --from=builder /build/logcorrelator.service /tmp/pkgroot/etc/systemd/system/logcorrelator.service
|
|
COPY packaging/rpm/post /tmp/scripts/post
|
|
COPY packaging/rpm/preun /tmp/scripts/preun
|
|
COPY packaging/rpm/postun /tmp/scripts/postun
|
|
COPY packaging/rpm/logrotate /tmp/pkgroot/etc/logrotate.d/logcorrelator
|
|
|
|
# Create directories and set permissions
|
|
# /var/run/logcorrelator: 755 - will be owned by logcorrelator:logcorrelator by post install script
|
|
# /var/log/logcorrelator: 755 - will be owned by logcorrelator:logcorrelator by post install script
|
|
# /var/lib/logcorrelator: created for service home directory
|
|
RUN mkdir -p /tmp/pkgroot/var/log/logcorrelator && \
|
|
mkdir -p /tmp/pkgroot/var/run/logcorrelator && \
|
|
mkdir -p /tmp/pkgroot/var/lib/logcorrelator && \
|
|
chmod 755 /tmp/pkgroot/usr/bin/logcorrelator && \
|
|
chmod 640 /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml && \
|
|
chmod 640 /tmp/pkgroot/etc/logcorrelator/logcorrelator.yml.example && \
|
|
chmod 644 /tmp/pkgroot/etc/systemd/system/logcorrelator.service && \
|
|
chmod 755 /tmp/scripts/* && \
|
|
chmod 755 /tmp/pkgroot/var/log/logcorrelator && \
|
|
chmod 755 /tmp/pkgroot/var/run/logcorrelator && \
|
|
chmod 755 /tmp/pkgroot/var/lib/logcorrelator
|
|
|
|
# Build RPM for Enterprise Linux 10 (el10)
|
|
ARG VERSION=$(grep -m1 "^Version:" packaging/rpm/logcorrelator.spec | awk '{print $2}')
|
|
RUN mkdir -p /packages/rpm/el10 && \
|
|
fpm -s dir -t rpm \
|
|
-n logcorrelator \
|
|
-v "${VERSION}" \
|
|
-C /tmp/pkgroot \
|
|
--architecture "x86_64" \
|
|
--rpm-os linux \
|
|
--description "Log correlation service for HTTP and network events" \
|
|
--url "https://github.com/logcorrelator/logcorrelator" \
|
|
--license "MIT" \
|
|
--vendor "logcorrelator <dev@example.com>" \
|
|
--rpm-dist el10 \
|
|
--depends "systemd" \
|
|
--after-install /tmp/scripts/post \
|
|
--before-remove /tmp/scripts/preun \
|
|
--after-remove /tmp/scripts/postun \
|
|
-p /packages/rpm/el10/logcorrelator-${VERSION}-1.el10.x86_64.rpm \
|
|
usr/bin/logcorrelator \
|
|
etc/logcorrelator/logcorrelator.yml \
|
|
etc/logcorrelator/logcorrelator.yml.example \
|
|
var/log/logcorrelator \
|
|
var/run/logcorrelator \
|
|
etc/systemd/system/logcorrelator.service \
|
|
etc/logrotate.d/logcorrelator
|
|
|
|
# =============================================================================
|
|
# Stage 5: Output - Image finale avec les packages RPM
|
|
# =============================================================================
|
|
FROM alpine:latest AS output
|
|
|
|
WORKDIR /packages
|
|
COPY --from=rpm-el8-builder /packages/rpm/el8/*.rpm /packages/rpm/el8/
|
|
COPY --from=rpm-el9-builder /packages/rpm/el9/*.rpm /packages/rpm/el9/
|
|
COPY --from=rpm-el10-builder /packages/rpm/el10/*.rpm /packages/rpm/el10/
|
|
|
|
CMD ["sh", "-c", "echo '=== RPM Enterprise Linux 8 ===' && ls -la /packages/rpm/el8/ && echo '' && echo '=== RPM Enterprise Linux 9 ===' && ls -la /packages/rpm/el9/ && echo '' && echo '=== RPM Enterprise Linux 10 ===' && ls -la /packages/rpm/el10/'"]
|