From f94e9a21d6de98792b26e1ab9f26f81ab0ba4b94 Mon Sep 17 00:00:00 2001
From: Colin Hutchinson
Date: Thu, 28 Mar 2019 10:33:31 -0400
Subject: [PATCH] feat(transparent) adjust the test container to allow transparent proxying (#29)
* fix(transparent) adjust Kong test container so it will build a transparent proxy compatible container
* mend
* tests(Ubuntu) add setcap
* test(AWS) Amazon linux doesn't include tar by default
* test(AmazonLinux) need to install gzip
* test(alpine) add setcap to the alpine test container
* test(aws) amazonlinux needs shadow-utils installed
* chore(gitignore)
* fix(rhel) hostname is a dependency
---
 test/Dockerfile.alpine | 5 +++--
 test/Dockerfile.deb | 10 +++++++++-
 test/Dockerfile.rpm | 11 +++++++++--
 test/docker-entrypoint.sh | 8 +++++++-
 4 files changed, 28 insertions(+), 6 deletions(-)
diff --git a/test/Dockerfile.alpine b/test/Dockerfile.alpine
index 2d470d2a1bf..fa0f1108835 100644
--- a/test/Dockerfile.alpine
+++ b/test/Dockerfile.alpine
@@ -6,11 +6,12 @@ ARG KONG_PACKAGE_NAME="kong"
 LABEL maintainer="Kong Core Team "
 RUN apk add --no-cache --virtual .build-deps tar ca-certificates \
- && apk add --no-cache libgcc pcre perl tzdata bash
+ && apk add --no-cache libgcc pcre perl tzdata bash su-exec libcap
 COPY output/${KONG_PACKAGE_NAME}-${KONG_VERSION}.apk.tar.gz kong.apk.tar.gz
-RUN tar -xzf kong.apk.tar.gz -C /tmp \
+RUN adduser -Su 1337 kong \
+ && tar -xzf kong.apk.tar.gz -C /tmp \
 && rm -f kong.tar.gz \
 && cp -R /tmp/usr / \
 && rm -rf /tmp/usr \
diff --git a/test/Dockerfile.deb b/test/Dockerfile.deb
index 2b55710ec1a..3a8512bbeb7 100644
--- a/test/Dockerfile.deb
+++ b/test/Dockerfile.deb
@@ -7,7 +7,15 @@ ARG KONG_VERSION="0.0.0"
 ARG KONG_PACKAGE_NAME="kong"
 ARG RESTY_IMAGE_TAG
-RUN apt-get update && apt-get install -y perl
+ARG SU_EXEC_VERSION=0.2
+ARG SU_EXEC_URL="https://github.com/ncopa/su-exec/archive/v${SU_EXEC_VERSION}.tar.gz"
+
+RUN apt-get update && apt-get install -y perl curl gcc build-essential libcap2-bin
+
+RUN curl -sL "${SU_EXEC_URL}" | tar -C /tmp -zxf - \
+ && make -C "/tmp/su-exec-${SU_EXEC_VERSION}" \
+ && cp "/tmp/su-exec-${SU_EXEC_VERSION}/su-exec" /usr/bin \
+ && useradd --uid 1337 kong
 COPY output/${KONG_PACKAGE_NAME}-${KONG_VERSION}.${RESTY_IMAGE_TAG}.all.deb /kong.deb
diff --git a/test/Dockerfile.rpm b/test/Dockerfile.rpm
index d294aa6877f..8a8be5b48f2 100644
--- a/test/Dockerfile.rpm
+++ b/test/Dockerfile.rpm
@@ -7,6 +7,9 @@ ARG KONG_VERSION="0.0.0"
 ARG KONG_PACKAGE_NAME="kong"
 ARG RESTY_IMAGE_TAG
+ARG SU_EXEC_VERSION=0.2
+ARG SU_EXEC_URL="https://github.com/ncopa/su-exec/archive/v${SU_EXEC_VERSION}.tar.gz"
+
 ARG REDHAT_USERNAME
 ARG REDHAT_PASSWORD
 ARG RHEL="false"
@@ -14,7 +17,7 @@ ARG RHEL="false"
 RUN if [ "$RHEL" = "true" ] ; then subscription-manager register --username ${REDHAT_USERNAME} --password ${REDHAT_PASSWORD} --auto-attach ; fi
 RUN if [ "$RHEL" = "true" ] ; then yum-config-manager --enable 'rhel-*-server-optional-rpms' ; fi
-RUN yum -y install perl perl-Time-HiRes hostname
+RUN yum -y install perl perl-Time-HiRes gcc make unzip tar gzip shadow-utils hostname
 RUN if [ "$RHEL" = "true" ] ; then \
 subscription-manager remove --all \
@@ -24,7 +27,11 @@ RUN if [ "$RHEL" = "true" ] ; then \
 COPY output/kong.rpm /kong.rpm
-RUN rpm -i kong.rpm
+RUN rpm -i kong.rpm \
+ && curl -sL "${SU_EXEC_URL}" | tar -C /tmp -zxf - \
+ && make -C "/tmp/su-exec-${SU_EXEC_VERSION}" \
+ && cp "/tmp/su-exec-${SU_EXEC_VERSION}/su-exec" /usr/bin \
+ && useradd --uid 1337 kong
 COPY test/docker-entrypoint.sh /docker-entrypoint.sh
 ENTRYPOINT ["/docker-entrypoint.sh"]
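Review bot: The `RUN curl -sL "${SU_EXEC_URL}" | tar -C /tmp -zxf -` step in test/Dockerfile.deb compiles and installs su-exec from a GitHub archive with no integrity check, and the last hunk of test/Dockerfile.rpm repeats the same step. The entrypoint in this commit starts as root and execs nginx through that binary, so whatever the URL serves at build time ends up running with root privileges before the drop to `kong`. `-sL` also lacks `-f`, so an HTTP error body is piped straight into tar and the curl exit status is hidden by the pipe. Download to a file, verify it against a pinned SHA-256 supplied as a build ARG, and only then extract and build, as sketched below; the digest shown is a placeholder to be taken from a reviewed copy of the archive.

```dockerfile
ARG SU_EXEC_URL="https://github.com/ncopa/su-exec/archive/v${SU_EXEC_VERSION}.tar.gz"
# Placeholder value: pin to the digest of a reviewed copy of the archive.
ARG SU_EXEC_SHA256="<sha256-of-reviewed-su-exec-archive>"

# ... unchanged: package install (perl, curl, gcc, build-essential, libcap2-bin) ...

RUN curl -fsSL -o /tmp/su-exec.tar.gz "${SU_EXEC_URL}" \
    && echo "${SU_EXEC_SHA256}  /tmp/su-exec.tar.gz" | sha256sum -c - \
    && tar -C /tmp -zxf /tmp/su-exec.tar.gz \
    # ... unchanged: make, cp su-exec to /usr/bin ...
    && rm -rf /tmp/su-exec.tar.gz "/tmp/su-exec-${SU_EXEC_VERSION}" \
    && useradd --uid 1337 kong
```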
diff --git a/test/docker-entrypoint.sh b/test/docker-entrypoint.sh
index 37df5830faa..66c4132d048 100755
--- a/test/docker-entrypoint.sh
+++ b/test/docker-entrypoint.sh
@@ -9,8 +9,14 @@ if [[ "$1" == "kong" ]]; then
 if [[ "$2" == "docker-start" ]]; then
 kong prepare -p $PREFIX
+ chown -R kong $PREFIX
+
+ chmod o+w /proc/self/fd/1
+ chmod o+w /proc/self/fd/2
+
+ setcap cap_net_raw=+ep /usr/local/openresty/nginx/sbin/nginx
- exec /usr/local/openresty/nginx/sbin/nginx \
+ exec su-exec kong /usr/local/openresty/nginx/sbin/nginx \
 -p $PREFIX \
 -c nginx.conf
 fi
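Review bot: The added `setcap cap_net_raw=+ep /usr/local/openresty/nginx/sbin/nginx` runs on every `docker-start` and attaches the capability to the file, so any account that can execute that binary gets CAP_NET_RAW, not just `kong`, and it is granted even when no transparent listener is configured. Consider applying it only when transparent proxying is actually in use and tightening the binary's mode so that only the kong user or group can execute it. The two `chmod o+w /proc/self/fd/N` lines similarly open the container's stdout and stderr to every other user; changing ownership to `kong` instead would scope this to the one account that needs it, if the underlying stream permits chown. `$PREFIX` is unquoted in the new `chown -R kong $PREFIX`; `chown -R kong "$PREFIX"` avoids word splitting. The enclosing `if` blocks start outside the hunk, so whether the script aborts when `setcap` fails cannot be seen from here.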