|
| 1 | +# |
| 2 | +# NOTE: THIS DOCKERFILE IS GENERATED VIA "apply-templates.sh" |
| 3 | +# |
| 4 | +# PLEASE DO NOT EDIT IT DIRECTLY. |
| 5 | +# |
| 6 | +FROM ubuntu:focal |
| 7 | + |
| 8 | +# |
| 9 | +# GSSAPI deps |
| 10 | +# |
| 11 | +RUN apt-get update -y |
| 12 | +RUN DEBIAN_FRONTEND=noninteractive apt-get install -y \ |
| 13 | + krb5-user \ |
| 14 | + libsasl2-modules-gssapi-mit \ |
| 15 | + ldap-utils |
| 16 | + |
| 17 | +# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added |
| 18 | +RUN groupadd -r mongodb && useradd -r -g mongodb mongodb |
| 19 | + |
| 20 | +RUN set -eux; \ |
| 21 | + apt-get update; \ |
| 22 | + apt-get install -y --no-install-recommends \ |
| 23 | + ca-certificates \ |
| 24 | + jq \ |
| 25 | + numactl \ |
| 26 | + ; \ |
| 27 | + if ! command -v ps > /dev/null; then \ |
| 28 | + apt-get install -y --no-install-recommends procps; \ |
| 29 | + fi; \ |
| 30 | + rm -rf /var/lib/apt/lists/* |
| 31 | + |
| 32 | +# grab gosu for easy step-down from root (https://github.com/tianon/gosu/releases) |
| 33 | +ENV GOSU_VERSION 1.12 |
| 34 | +# grab "js-yaml" for parsing mongod's YAML config files (https://github.com/nodeca/js-yaml/releases) |
| 35 | +ENV JSYAML_VERSION 3.13.1 |
| 36 | + |
| 37 | +RUN set -ex; \ |
| 38 | + \ |
| 39 | + savedAptMark="$(apt-mark showmanual)"; \ |
| 40 | + apt-get update; \ |
| 41 | + apt-get install -y --no-install-recommends \ |
| 42 | + wget \ |
| 43 | + ; \ |
| 44 | + if ! command -v gpg > /dev/null; then \ |
| 45 | + apt-get install -y --no-install-recommends gnupg dirmngr; \ |
| 46 | + savedAptMark="$savedAptMark gnupg dirmngr"; \ |
| 47 | + elif gpg --version | grep -q '^gpg (GnuPG) 1\.'; then \ |
| 48 | +# "This package provides support for HKPS keyservers." (GnuPG 1.x only) |
| 49 | + apt-get install -y --no-install-recommends gnupg-curl; \ |
| 50 | + fi; \ |
| 51 | + rm -rf /var/lib/apt/lists/*; \ |
| 52 | + \ |
| 53 | + dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \ |
| 54 | + wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \ |
| 55 | + wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \ |
| 56 | + export GNUPGHOME="$(mktemp -d)"; \ |
| 57 | + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \ |
| 58 | + gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \ |
| 59 | + command -v gpgconf && gpgconf --kill all || :; \ |
| 60 | + rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \ |
| 61 | + \ |
| 62 | + wget -O /js-yaml.js "https://github.com/nodeca/js-yaml/raw/${JSYAML_VERSION}/dist/js-yaml.js"; \ |
| 63 | +# TODO some sort of download verification here |
| 64 | + \ |
| 65 | + apt-mark auto '.*' > /dev/null; \ |
| 66 | + apt-mark manual $savedAptMark > /dev/null; \ |
| 67 | + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \ |
| 68 | + \ |
| 69 | +# smoke test |
| 70 | + chmod +x /usr/local/bin/gosu; \ |
| 71 | + gosu --version; \ |
| 72 | + gosu nobody true |
| 73 | + |
| 74 | +RUN mkdir /docker-entrypoint-initdb.d |
| 75 | + |
| 76 | +RUN set -ex; \ |
| 77 | + export GNUPGHOME="$(mktemp -d)"; \ |
| 78 | + set -- 'F5679A222C647C87527C2F8CB00A0BD1E2C63C11'; \ |
| 79 | + for key; do \ |
| 80 | + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key"; \ |
| 81 | + done; \ |
| 82 | + gpg --batch --export "$@" > /etc/apt/trusted.gpg.d/mongodb.gpg; \ |
| 83 | + command -v gpgconf && gpgconf --kill all || :; \ |
| 84 | + rm -r "$GNUPGHOME"; \ |
| 85 | + apt-key list |
| 86 | + |
| 87 | +# Allow build-time overrides (eg. to build image with MongoDB Enterprise version) |
| 88 | +# Options for MONGO_PACKAGE: mongodb-org OR mongodb-enterprise |
| 89 | +# Options for MONGO_REPO: repo.mongodb.org OR repo.mongodb.com |
| 90 | +# Example: docker build --build-arg MONGO_PACKAGE=mongodb-enterprise --build-arg MONGO_REPO=repo.mongodb.com . |
| 91 | +ARG MONGO_PACKAGE=mongodb-org |
| 92 | +ARG MONGO_REPO=repo.mongodb.org |
| 93 | +ENV MONGO_PACKAGE=${MONGO_PACKAGE} MONGO_REPO=${MONGO_REPO} |
| 94 | + |
| 95 | +ENV MONGO_MAJOR 5.0 |
| 96 | +RUN echo "deb http://$MONGO_REPO/apt/ubuntu focal/${MONGO_PACKAGE%-unstable}/$MONGO_MAJOR multiverse" | tee "/etc/apt/sources.list.d/${MONGO_PACKAGE%-unstable}.list" |
| 97 | + |
| 98 | +# http://docs.mongodb.org/master/release-notes/5.0/ |
| 99 | +ENV MONGO_VERSION 5.0.0 |
| 100 | +# 07/08/2021, https://github.com/mongodb/mongo/tree/1184f004a99660de6f5e745573419bda8a28c0e9 |
| 101 | + |
| 102 | +RUN set -x \ |
| 103 | +# installing "mongodb-enterprise" pulls in "tzdata" which prompts for input |
| 104 | + && export DEBIAN_FRONTEND=noninteractive \ |
| 105 | + && apt-get update \ |
| 106 | +# starting with MongoDB 4.3 (and backported to 4.0 and 4.2 *and* 3.6??), the postinst for server includes an unconditional "systemctl daemon-reload" (and we don't have anything for "systemctl" to talk to leading to dbus errors and failed package installs) |
| 107 | + && ln -s /bin/true /usr/local/bin/systemctl \ |
| 108 | + && apt-get install -y \ |
| 109 | + ${MONGO_PACKAGE}=$MONGO_VERSION \ |
| 110 | + ${MONGO_PACKAGE}-server=$MONGO_VERSION \ |
| 111 | + ${MONGO_PACKAGE}-shell=$MONGO_VERSION \ |
| 112 | + ${MONGO_PACKAGE}-mongos=$MONGO_VERSION \ |
| 113 | + ${MONGO_PACKAGE}-tools=$MONGO_VERSION \ |
| 114 | + && rm -f /usr/local/bin/systemctl \ |
| 115 | + && rm -rf /var/lib/apt/lists/* \ |
| 116 | + && rm -rf /var/lib/mongodb \ |
| 117 | + && mv /etc/mongod.conf /etc/mongod.conf.orig |
| 118 | + |
| 119 | +RUN mkdir -p /data/db /data/configdb \ |
| 120 | + && chown -R mongodb:mongodb /data/db /data/configdb |
| 121 | +VOLUME /data/db /data/configdb |
| 122 | + |
| 123 | +COPY docker-entrypoint.sh /usr/local/bin/ |
| 124 | +ENTRYPOINT ["docker-entrypoint.sh"] |
| 125 | + |
| 126 | +EXPOSE 27017 |
| 127 | +CMD ["mongod"] |
0 commit comments